summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPablo M. Bermudo Garay <pablombg@gmail.com>2017-08-23 22:42:56 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2017-09-04 22:29:19 +0200
commitc0697eabe832d0aed974e7a72000c58b954dfe71 (patch)
tree085f3dbb32866ce3c7f8f44a3b6ed8a0d300ee40 /include
parent4b8cfe020c9adc71dad857106b915aae01348df4 (diff)
src: add stateful object support for limit
This patch adds support for a new type of stateful object: limit. Creation, deletion and listing operations are supported. Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/nf_tables.h3
-rw-r--r--include/rule.h13
-rw-r--r--include/statement.h1
3 files changed, 16 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 5441b190..f3289443 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1278,7 +1278,8 @@ enum nft_ct_helper_attributes {
#define NFT_OBJECT_COUNTER 1
#define NFT_OBJECT_QUOTA 2
#define NFT_OBJECT_CT_HELPER 3
-#define __NFT_OBJECT_MAX 4
+#define NFT_OBJECT_LIMIT 4
+#define __NFT_OBJECT_MAX 5
#define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1)
/**
diff --git a/include/rule.h b/include/rule.h
index 04da000f..631a1bcd 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -272,6 +272,14 @@ struct ct_helper {
uint8_t l4proto;
};
+struct limit {
+ uint64_t rate;
+ uint64_t unit;
+ uint32_t burst;
+ uint32_t type;
+ uint32_t flags;
+};
+
/**
* struct obj - nftables stateful object statement
*
@@ -291,6 +299,7 @@ struct obj {
struct counter counter;
struct quota quota;
struct ct_helper ct_helper;
+ struct limit limit;
};
};
@@ -357,6 +366,8 @@ enum cmd_ops {
* @CMD_OBJ_COUNTERS: multiple counters
* @CMD_OBJ_QUOTA: quota
* @CMD_OBJ_QUOTAS: multiple quotas
+ * @CMD_OBJ_LIMIT: limit
+ * @CMD_OBJ_LIMITS: multiple limits
*/
enum cmd_obj {
CMD_OBJ_INVALID,
@@ -381,6 +392,8 @@ enum cmd_obj {
CMD_OBJ_QUOTAS,
CMD_OBJ_CT_HELPER,
CMD_OBJ_CT_HELPERS,
+ CMD_OBJ_LIMIT,
+ CMD_OBJ_LIMITS,
};
struct export {
diff --git a/include/statement.h b/include/statement.h
index 6d8aaa8b..2f702c3c 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -325,5 +325,6 @@ extern void stmt_list_free(struct list_head *list);
extern void stmt_print(const struct stmt *stmt, struct output_ctx *octx);
const char *get_rate(uint64_t byte_rate, uint64_t *rate);
+const char *get_unit(uint64_t u);
#endif /* NFTABLES_STATEMENT_H */