Diffstat (limited to 'include')
-rw-r--r-- | include/datatype.h | 1 | ||||
-rw-r--r-- | include/expression.h | 7 | ||||
-rw-r--r-- | include/fib.h | 7 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 36 |
4 files changed, 51 insertions, 0 deletions
diff --git a/include/datatype.h b/include/datatype.h
index 12ec46bc..9f3f711c 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -81,6 +81,7 @@ enum datatypes {
 TYPE_DEVGROUP,
 TYPE_DSCP,
 TYPE_ECN,
+ TYPE_FIB_ADDR,
 __TYPE_MAX
 };
 #define TYPE_MAX (__TYPE_MAX - 1)
diff --git a/include/expression.h b/include/expression.h
index 3ae4e804..3a52a45c 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -61,6 +61,7 @@ enum expr_types {
 EXPR_NUMGEN,
 EXPR_HASH,
 EXPR_RT,
+ EXPR_FIB,
 };
 
 enum ops {
@@ -180,6 +181,7 @@ enum expr_flags {
 
 #include <payload.h>
 #include <exthdr.h>
+#include <fib.h>
 #include <numgen.h>
 #include <meta.h>
 #include <rt.h>
@@ -306,6 +308,11 @@ struct expr {
 uint32_t mod;
 uint32_t seed;
 } hash;
+ struct {
+ /* EXPR_FIB */
+ uint32_t flags;
+ uint32_t result;
+ } fib;
 };
 };
 
diff --git a/include/fib.h b/include/fib.h
new file mode 100644
index 00000000..3a019e65
--- /dev/null
+++ b/include/fib.h
@@ -0,0 +1,7 @@
+#ifndef NFTABLES_FIB_H
+#define NFTABLES_FIB_H
+
+extern struct expr *fib_expr_alloc(const struct location *loc,
+ unsigned int flags,
+ unsigned int result);
+#endif /* NFTABLES_FIB_H */
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 2d477847..c6567ace 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
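Review bot: The `fib` member added to the `struct expr` union (hunk at -306 in include/expression.h) stores `flags` and `result` as bare `uint32_t` with only an `/* EXPR_FIB */` tag, so nothing at the declaration says which constants are valid in either field. The uapi header in this same commit defines `enum nft_fib_flags` and `enum nft_fib_result`, so I would annotate the fields, e.g. `uint32_t flags; /* mask of NFTA_FIB_F_* */` and `uint32_t result; /* enum nft_fib_result */`. A route-lookup expression is presumably going to back source-validation style rules, where a wrong or unchecked flag mask silently changes what is matched, so the valid range is worth stating where the value is stored. `struct expr` begins and ends outside the hunk.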
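Review bot: The new include/fib.h names `struct expr` and `struct location` in the `fib_expr_alloc` prototype without declaring them, so it only compiles correctly when pulled in from expression.h at a point where `struct location` is already visible; included on its own, `struct location` would get prototype scope and the declaration would not match the definition. Adding `struct expr;` and `struct location;` right after the include guard makes the header self-contained. The prototype also takes `unsigned int flags` and `unsigned int result` while the `fib` member added to `struct expr` uses `uint32_t`; using one type on both sides avoids an implicit conversion at the assignment.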
@@ -1126,6 +1126,42 @@ enum nft_gen_attributes {
 };
 #define NFTA_GEN_MAX (__NFTA_GEN_MAX - 1)
 
+/*
+ * enum nft_fib_attributes - nf_tables fib expression netlink attributes
+ *
+ * @NFTA_FIB_DREG: destination register (NLA_U32)
+ * @NFTA_FIB_RESULT: desired result (NLA_U32)
+ * @NFTA_FIB_FLAGS: flowi fields to initialize when querying the FIB (NLA_U32)
+ *
+ * The FIB expression performs a route lookup according
+ * to the packet data.
+ */
+enum nft_fib_attributes {
+ NFTA_FIB_UNSPEC,
+ NFTA_FIB_DREG,
+ NFTA_FIB_RESULT,
+ NFTA_FIB_FLAGS,
+ __NFTA_FIB_MAX
+};
+#define NFTA_FIB_MAX (__NFTA_FIB_MAX - 1)
+
+enum nft_fib_result {
+ NFT_FIB_RESULT_UNSPEC,
+ NFT_FIB_RESULT_OIF,
+ NFT_FIB_RESULT_OIFNAME,
+ NFT_FIB_RESULT_ADDRTYPE,
+ __NFT_FIB_RESULT_MAX
+};
+#define NFT_FIB_RESULT_MAX (__NFT_FIB_RESULT_MAX - 1)
+
+enum nft_fib_flags {
+ NFTA_FIB_F_SADDR = 1 << 0, /* look up src */
+ NFTA_FIB_F_DADDR = 1 << 1, /* look up dst */
+ NFTA_FIB_F_MARK = 1 << 2, /* use skb->mark */
+ NFTA_FIB_F_IIF = 1 << 3, /* restrict to iif */
+ NFTA_FIB_F_OIF = 1 << 4, /* restrict to oif */
+};
+
 /**
 * enum nft_trace_attributes - nf_tables trace netlink attributes
 * |
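Review bot: `enum nft_fib_flags` documents each bit on its own but not which bits may be combined, and `enum nft_fib_result` has no description at all, while `nft_fib_attributes` gets a full comment block. As far as I recall the kernel-side init rejects a mask that sets both `NFTA_FIB_F_SADDR` and `NFTA_FIB_F_DADDR`, both `NFTA_FIB_F_IIF` and `NFTA_FIB_F_OIF`, or neither address bit; that is not visible in this diff and should be confirmed, but if it holds, a line such as `/* exactly one of SADDR/DADDR; IIF and OIF are mutually exclusive */` above the enum would keep userspace from building rules the kernel refuses. The new block also opens with `/*` where the neighbouring `nft_trace_attributes` comment uses `/**`. If this file is kept as a verbatim copy of the kernel header, both changes belong upstream first.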