diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 14 | ||||
-rw-r--r-- | include/rule.h | 10 |
2 files changed, 23 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 393bcb56..709fbc8d 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -1445,6 +1445,17 @@ enum nft_ct_timeout_timeout_attributes { }; #define NFTA_CT_TIMEOUT_MAX (__NFTA_CT_TIMEOUT_MAX - 1) +enum nft_ct_expect_attributes { + NFTA_CT_EXPECT_UNSPEC, + NFTA_CT_EXPECT_L3PROTO, + NFTA_CT_EXPECT_L4PROTO, + NFTA_CT_EXPECT_DPORT, + NFTA_CT_EXPECT_TIMEOUT, + NFTA_CT_EXPECT_SIZE, + __NFTA_CT_EXPECT_MAX, +}; +#define NFTA_CT_EXPECT_MAX (__NFTA_CT_EXPECT_MAX - 1) + #define NFT_OBJECT_UNSPEC 0 #define NFT_OBJECT_COUNTER 1 #define NFT_OBJECT_QUOTA 2 @@ -1454,7 +1465,8 @@ enum nft_ct_timeout_timeout_attributes { #define NFT_OBJECT_TUNNEL 6 #define NFT_OBJECT_CT_TIMEOUT 7 #define NFT_OBJECT_SECMARK 8 -#define __NFT_OBJECT_MAX 9 +#define NFT_OBJECT_CT_EXPECT 9 +#define __NFT_OBJECT_MAX 10 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1) /** diff --git a/include/rule.h b/include/rule.h index 42d29b7c..67c3d331 100644 --- a/include/rule.h +++ b/include/rule.h @@ -386,6 +386,14 @@ struct ct_timeout { struct list_head timeout_list; }; +struct ct_expect { + uint16_t l3proto; + uint8_t l4proto; + uint16_t dport; + uint32_t timeout; + uint8_t size; +}; + struct limit { uint64_t rate; uint64_t unit; @@ -420,6 +428,7 @@ struct obj { struct limit limit; struct ct_timeout ct_timeout; struct secmark secmark; + struct ct_expect ct_expect; }; }; @@ -554,6 +563,7 @@ enum cmd_obj { CMD_OBJ_CT_TIMEOUT, CMD_OBJ_SECMARK, CMD_OBJ_SECMARKS, + CMD_OBJ_CT_EXPECT, }; struct markup { |