author | Florian Westphal <fw@strlen.de> | 2013-10-22 15:03:52 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2014-02-18 22:31:07 +0100 |
commit | 2fcce8b0677b31a5566d4b0e2d7432e8f678aabc (patch) | |
tree | c1924e84d72d566526f22b4c663dd05141695dee /include/linux | |
parent | 71dc2810574a373dd1969088b7484933e40f6b46 (diff) |
ct: connlabel matching support
Takes advantage of the fact that the current maximum label storage area
is 128 bits, i.e. the dynamically allocated extension area in the
kernel will always fit into a nft register.
Currently this re-uses rt_symbol_table_init() to read connlabel.conf.
This works since the format is pretty much the same.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 448593c0..ff9b0a73 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -586,6 +586,7 @@ enum nft_meta_attributes {
 * @NFT_CT_PROTOCOL: conntrack layer 4 protocol
 * @NFT_CT_PROTO_SRC: conntrack layer 4 protocol source
 * @NFT_CT_PROTO_DST: conntrack layer 4 protocol destination
+ * @NFT_CT_LABELS: conntrack label bitset (stored in conntrack extension)
 */
 enum nft_ct_keys {
 NFT_CT_STATE,
@@ -601,6 +602,7 @@ enum nft_ct_keys {
 NFT_CT_PROTOCOL,
 NFT_CT_PROTO_SRC,
 NFT_CT_PROTO_DST,
+ NFT_CT_LABEL,
 };

 /** |
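Review bot: The kernel-doc line added in the first hunk documents `@NFT_CT_LABELS`, but the enumerator added in the second hunk is `NFT_CT_LABEL`, so the new key is undocumented under its real name and the comment describes a name that does not exist. The comment line should read ` * @NFT_CT_LABEL: conntrack label bitset (stored in conntrack extension)`. The commit message relies on the label storage area being at most 128 bits so that it always fits into an nft register, but that bound is not stated anywhere in this header. It would be worth noting the size limit in the same comment, and the code that loads this key (not shown on this page) presumably needs to check the length rather than assume it. Both `enum nft_ct_keys` and its doc comment begin or end outside the hunks.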