Diffstat (limited to 'include')
-rw-r--r--include/expression.h7
-rw-r--r--include/linux/netfilter/nf_tables.h27
-rw-r--r--include/rt.h33
3 files changed, 67 insertions, 0 deletions
diff --git a/include/expression.h b/include/expression.h
index eda3d98f..3ae4e804 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -35,6 +35,7 @@
* @EXPR_RELATIONAL: equality and relational expressions
* @EXPR_NUMGEN: number generation expression
* @EXPR_HASH: hash expression
+ * @EXPR_RT: routing expression
*/
enum expr_types {
EXPR_INVALID,
@@ -59,6 +60,7 @@ enum expr_types {
EXPR_RELATIONAL,
EXPR_NUMGEN,
EXPR_HASH,
+ EXPR_RT,
};
enum ops {
@@ -180,6 +182,7 @@ enum expr_flags {
#include <exthdr.h>
#include <numgen.h>
#include <meta.h>
+#include <rt.h>
#include <hash.h>
#include <ct.h>
@@ -283,6 +286,10 @@ struct expr {
enum proto_bases base;
} meta;
struct {
+ /* EXPR_RT */
+ enum nft_rt_keys key;
+ } rt;
+ struct {
/* EXPR_CT */
enum nft_ct_keys key;
int8_t direction;
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index e84a9f5b..2d477847 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -753,6 +753,19 @@ enum nft_meta_keys {
};
/**
+ * enum nft_rt_keys - nf_tables routing expression keys
+ *
+ * @NFT_RT_CLASSID: realm value of packet's route (skb->dst->tclassid)
+ * @NFT_RT_NEXTHOP4: routing nexthop for IPv4
+ * @NFT_RT_NEXTHOP6: routing nexthop for IPv6
+ */
+enum nft_rt_keys {
+ NFT_RT_CLASSID,
+ NFT_RT_NEXTHOP4,
+ NFT_RT_NEXTHOP6,
+};
+
+/**
* enum nft_hash_attributes - nf_tables hash expression netlink attributes
*
* @NFTA_HASH_SREG: source register (NLA_U32)
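Review bot: `enum nft_rt_keys` ends at `NFT_RT_NEXTHOP6` with no upper-bound enumerator, whereas `nft_rt_attributes` in the next hunk closes with `__NFTA_RT_MAX`. The key crosses netlink as a plain NLA_U32 (`NFTA_RT_KEY`), so whatever decodes it has nothing in this header to range-check against, and a kernel newer than this copy may report values beyond these three. The consumer is not visible in this diff, but if it uses the key as a table index the check belongs there. Since the path suggests this file mirrors the kernel UAPI header, I would keep the bound on the userspace side and record it with a comment on the consumer such as `/* key may come from netlink: reject values > NFT_RT_NEXTHOP6 before any lookup */`. The kernel-doc lines also do not say how many bytes each key loads into the destination register, which would be worth one phrase per key.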
@@ -789,6 +802,20 @@ enum nft_meta_attributes {
#define NFTA_META_MAX (__NFTA_META_MAX - 1)
/**
+ * enum nft_rt_attributes - nf_tables routing expression netlink attributes
+ *
+ * @NFTA_RT_DREG: destination register (NLA_U32)
+ * @NFTA_RT_KEY: routing data item to load (NLA_U32: nft_rt_keys)
+ */
+enum nft_rt_attributes {
+ NFTA_RT_UNSPEC,
+ NFTA_RT_DREG,
+ NFTA_RT_KEY,
+ __NFTA_RT_MAX
+};
+#define NFTA_RT_MAX (__NFTA_RT_MAX - 1)
+
+/**
* enum nft_ct_keys - nf_tables ct expression keys
*
* @NFT_CT_STATE: conntrack state (bitmask of enum ip_conntrack_info)
diff --git a/include/rt.h b/include/rt.h
new file mode 100644
index 00000000..728cf5f0
--- /dev/null
+++ b/include/rt.h
@@ -0,0 +1,33 @@
+#ifndef NFTABLES_RT_H
+#define NFTABLES_RT_H
+
+/**
+ * struct rt_template - template for routing expressions
+ *
+ * @token: parser token for the expression
+ * @dtype: data type of the expression
+ * @len: length of the expression
+ * @byteorder: byteorder
+ * @invalid: invalidate datatype on allocation from parser
+ */
+struct rt_template {
+ const char *token;
+ const struct datatype *dtype;
+ unsigned int len;
+ enum byteorder byteorder;
+ bool invalid;
+};
+
+#define RT_TEMPLATE(__token, __dtype, __len, __byteorder, __invalid) { \
+ .token = (__token), \
+ .dtype = (__dtype), \
+ .len = (__len), \
+ .byteorder = (__byteorder), \
+ .invalid = (__invalid), \
+}
+
+extern struct expr *rt_expr_alloc(const struct location *loc,
+ enum nft_rt_keys key, bool invalid);
+extern void rt_expr_update_type(struct proto_ctx *ctx, struct expr *expr);
+
+#endif /* NFTABLES_RT_H */
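Review bot: rt.h uses `bool`, `enum byteorder`, `enum nft_rt_keys`, `struct datatype`, `struct location` and `struct proto_ctx` without including or declaring any of them, so it only compiles when those definitions already precede it, which the position of `#include <rt.h>` in expression.h appears to rely on. `enum nft_rt_keys` in the `rt_expr_alloc` prototype cannot be forward-declared in ISO C, so the header needs the nf_tables.h definition ahead of it. Either add the matching includes or state the requirement at the top, e.g. `/* must be included via expression.h, after <linux/netfilter/nf_tables.h> */`. The prototype also carries no comment on which `key` values are valid or what `invalid` does to the allocated expression; a one-line contract above `rt_expr_alloc` would help callers that pass a key decoded from netlink.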