diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-12-04 13:28:25 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-05 16:30:15 +0100 |
| commit | db0697ce7f6020b525cee072e7c0c85512daabda (patch) | |
| tree | 9458d01874a354f8bdacfae794d9e0b0d48ebf63 /include/linux/netfilter/nf_tables.h | |
| parent | ed183e43dbe5a896909470be172ad6ee45219f76 (diff) | |
src: support for flowtable listing
This patch allows you to dump existing flowtable.
# nft list ruleset
table ip x {
flowtable x {
hook ingress priority 10
devices = { eth0, tap0 }
}
}
You can also list existing flowtables via:
# nft list flowtables
table ip x {
flowtable x {
hook ingress priority 10
devices = { eth0, tap0 }
}
}
You need a Linux kernel >= 4.16-rc to test this new feature.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/netfilter/nf_tables.h')
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 2efbf974..b2d36004 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -92,6 +92,9 @@ enum nft_verdicts { * @NFT_MSG_GETOBJ: get a stateful object (enum nft_obj_attributes) * @NFT_MSG_DELOBJ: delete a stateful object (enum nft_obj_attributes) * @NFT_MSG_GETOBJ_RESET: get and reset a stateful object (enum nft_obj_attributes) + * @NFT_MSG_NEWFLOWTABLE: add new flow table (enum nft_flowtable_attributes) + * @NFT_MSG_GETFLOWTABLE: get flow table (enum nft_flowtable_attributes) + * @NFT_MSG_DELFLOWTABLE: delete flow table (enum nft_flowtable_attributes) */ enum nf_tables_msg_types { NFT_MSG_NEWTABLE, @@ -116,6 +119,9 @@ enum nf_tables_msg_types { NFT_MSG_GETOBJ, NFT_MSG_DELOBJ, NFT_MSG_GETOBJ_RESET, + NFT_MSG_NEWFLOWTABLE, + NFT_MSG_GETFLOWTABLE, + NFT_MSG_DELFLOWTABLE, NFT_MSG_MAX, }; |