From 4b89c0cb0883f638ff1abbc2ff47c43cdc26aac5 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Sun, 19 Feb 2017 22:49:51 +0100 Subject: src: ct helper support add support for ct helper objects, these are used to assign helpers to connections, similar to iptables -j CT --set-helper target. Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso --- include/libnftnl/object.h | 6 ++++++ include/linux/netfilter/nf_tables.h | 12 +++++++++++- include/obj.h | 6 ++++++ 3 files changed, 23 insertions(+), 1 deletion(-) (limited to 'include') diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h index ca3abea..ccd9d19 100644 --- a/include/libnftnl/object.h +++ b/include/libnftnl/object.h @@ -34,6 +34,12 @@ enum { NFTNL_OBJ_QUOTA_FLAGS, }; +enum { + NFTNL_OBJ_CT_HELPER_NAME = NFTNL_OBJ_BASE, + NFTNL_OBJ_CT_HELPER_L3PROTO, + NFTNL_OBJ_CT_HELPER_L4PROTO, +}; + struct nftnl_obj; struct nftnl_obj *nftnl_obj_alloc(void); diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index a9280a6..8f38426 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -1260,10 +1260,20 @@ enum nft_fib_flags { NFTA_FIB_F_PRESENT = 1 << 5, /* check existence only */ }; +enum nft_ct_helper_attributes { + NFTA_CT_HELPER_UNSPEC, + NFTA_CT_HELPER_NAME, + NFTA_CT_HELPER_L3PROTO, + NFTA_CT_HELPER_L4PROTO, + __NFTA_CT_HELPER_MAX, +}; +#define NFTA_CT_HELPER_MAX (__NFTA_CT_HELPER_MAX - 1) + #define NFT_OBJECT_UNSPEC 0 #define NFT_OBJECT_COUNTER 1 #define NFT_OBJECT_QUOTA 2 -#define __NFT_OBJECT_MAX 3 +#define NFT_OBJECT_CT_HELPER 3 +#define __NFT_OBJECT_MAX 4 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1) /** diff --git a/include/obj.h b/include/obj.h index edbf023..d90919f 100644 --- a/include/obj.h +++ b/include/obj.h @@ -30,6 +30,11 @@ struct nftnl_obj { uint64_t consumed; uint32_t flags; } quota; + struct nftnl_obj_ct_helper { + uint16_t l3proto; + uint8_t l4proto; + char name[16]; + } ct_helper; } data; }; @@ -49,6 +54,7 @@ struct obj_ops { extern struct obj_ops obj_ops_counter; extern struct obj_ops obj_ops_quota; +extern struct obj_ops obj_ops_ct_helper; #define nftnl_obj_data(obj) (void *)&obj->data -- cgit v1.2.3