summaryrefslogtreecommitdiffstats
path: root/include/rule.h
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2018-01-18 08:43:23 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-03-05 16:30:15 +0100
commit92911b362e9067a9a335ac1a63e15119fb69a47d (patch)
tree74dba6877734feb8a1900b469b76bb1dffc13421 /include/rule.h
parentdb0697ce7f6020b525cee072e7c0c85512daabda (diff)
src: add support to add flowtables
This patch allows you to create flowtable: # nft add table x # nft add flowtable x m { hook ingress priority 10\; devices = { eth0, wlan0 }\; } You have to specify hook and priority. So far, only the ingress hook is supported. The priority represents where this flowtable is placed in the ingress hook, which is registered to the devices that the user specifies. You can also use the 'create' command instead to bail out in case that there is an existing flowtable with this name. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/rule.h')
-rw-r--r--include/rule.h7
1 files changed, 7 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 33bb24fa..262814ea 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -326,10 +326,13 @@ uint32_t obj_type_to_cmd(uint32_t type);
struct flowtable {
struct list_head list;
struct handle handle;
+ struct scope scope;
struct location location;
+ const char * hookstr;
unsigned int hooknum;
int priority;
const char **dev_array;
+ struct expr *dev_expr;
int dev_array_len;
unsigned int refcnt;
};
@@ -387,6 +390,8 @@ enum cmd_ops {
* @CMD_OBJ_CHAIN: chain
* @CMD_OBJ_CHAINS: multiple chains
* @CMD_OBJ_TABLE: table
+ * @CMD_OBJ_FLOWTABLE: flowtable
+ * @CMD_OBJ_FLOWTABLES: flowtables
* @CMD_OBJ_RULESET: ruleset
* @CMD_OBJ_EXPR: expression
* @CMD_OBJ_MONITOR: monitor
@@ -426,6 +431,7 @@ enum cmd_obj {
CMD_OBJ_CT_HELPERS,
CMD_OBJ_LIMIT,
CMD_OBJ_LIMITS,
+ CMD_OBJ_FLOWTABLE,
CMD_OBJ_FLOWTABLES,
};
@@ -485,6 +491,7 @@ struct cmd {
struct rule *rule;
struct chain *chain;
struct table *table;
+ struct flowtable *flowtable;
struct monitor *monitor;
struct markup *markup;
struct obj *object;