src: add dup statement support

This allows you to clone packets to destination address, eg. ... dup to 172.20.0.2 ... dup to 172.20.0.2 device eth1 ... dup to ip saddr map { 192.168.0.2 : 172.20.0.2, ... } device eth1 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-09-29 18:21:54 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-09-30 17:32:10 +0200
commit: b870b949470af0b1b578590b38efdd80048b539e (patch)
tree: 21fbd7c71aa63e3a95b0d4be80d56664b17b2cb7 /include/linux/netfilter
parent: de2ebd0e1d43361ecd879170b40bac76a503aa65 (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index db0457d9..5ebe3d85 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -936,6 +936,20 @@ enum nft_redir_attributes {
 #define NFTA_REDIR_MAX		(__NFTA_REDIR_MAX - 1)
 
 /**
+ * enum nft_tee_attributes - nf_tables tee expression netlink attributes
+ *
+ * @NFTA_DUP_SREG_ADDR: source register of destination (NLA_U32: nft_registers)
+ * @NFTA_DUP_SREG_DEV: output interface name (NLA_U32: nft_register)
+ */
+enum nft_tee_attributes {
+	NFTA_DUP_UNSPEC,
+	NFTA_DUP_SREG_ADDR,
+	NFTA_DUP_SREG_DEV,
+	__NFTA_DUP_MAX
+};
+#define NFTA_DUP_MAX		(__NFTA_DUP_MAX - 1)
+
+/**
  * enum nft_gen_attributes - nf_tables ruleset generation attributes
  *
  * @NFTA_GEN_ID: Ruleset generation ID (NLA_U32)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-09-29 18:21:54 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-09-30 17:32:10 +0200
commit	b870b949470af0b1b578590b38efdd80048b539e (patch)
tree	21fbd7c71aa63e3a95b0d4be80d56664b17b2cb7 /include/linux/netfilter
parent	de2ebd0e1d43361ecd879170b40bac76a503aa65 (diff)