Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/nf_tables.h6
-rw-r--r--include/mnl.h3
-rw-r--r--include/netlink.h4
-rw-r--r--include/rule.h24
4 files changed, 37 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 2efbf974..b2d36004 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -92,6 +92,9 @@ enum nft_verdicts {
* @NFT_MSG_GETOBJ: get a stateful object (enum nft_obj_attributes)
* @NFT_MSG_DELOBJ: delete a stateful object (enum nft_obj_attributes)
* @NFT_MSG_GETOBJ_RESET: get and reset a stateful object (enum nft_obj_attributes)
+ * @NFT_MSG_NEWFLOWTABLE: add new flow table (enum nft_flowtable_attributes)
+ * @NFT_MSG_GETFLOWTABLE: get flow table (enum nft_flowtable_attributes)
+ * @NFT_MSG_DELFLOWTABLE: delete flow table (enum nft_flowtable_attributes)
*/
enum nf_tables_msg_types {
NFT_MSG_NEWTABLE,
@@ -116,6 +119,9 @@ enum nf_tables_msg_types {
NFT_MSG_GETOBJ,
NFT_MSG_DELOBJ,
NFT_MSG_GETOBJ_RESET,
+ NFT_MSG_NEWFLOWTABLE,
+ NFT_MSG_GETFLOWTABLE,
+ NFT_MSG_DELFLOWTABLE,
NFT_MSG_MAX,
};
diff --git a/include/mnl.h b/include/mnl.h
index 4662cd04..4475e7f8 100644
--- a/include/mnl.h
+++ b/include/mnl.h
@@ -89,6 +89,9 @@ int mnl_nft_obj_batch_add(struct nftnl_obj *nln, struct nftnl_batch *batch,
int mnl_nft_obj_batch_del(struct nftnl_obj *nln, struct nftnl_batch *batch,
unsigned int flags, uint32_t seqnum);
+struct nftnl_flowtable_list *
+mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table);
+
struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx,
uint32_t family);
int mnl_nft_event_listener(struct mnl_socket *nf_sock, unsigned int debug_mask,
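Review bot: The new `mnl_nft_flowtable_dump()` prototype takes `int family`, while the visible neighbour `mnl_nft_ruleset_dump()` takes `uint32_t family`. Keeping one type for the family argument avoids implicit sign conversions at call sites, for example `mnl_nft_flowtable_dump(struct netlink_ctx *ctx, uint32_t family, const char *table);`, if the implementation allows it. The declaration also does not say who owns the returned `struct nftnl_flowtable_list` or what comes back on failure. A short comment such as `/* Returns a list the caller must free, or NULL on error. */` would settle that, assuming this is the real contract; the implementation is outside this diff.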
diff --git a/include/netlink.h b/include/netlink.h
index 2c4250e7..387eb9d8 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -179,6 +179,10 @@ extern int netlink_add_obj(struct netlink_ctx *ctx, const struct handle *h,
extern int netlink_delete_obj(struct netlink_ctx *ctx, const struct handle *h,
struct location *loc, uint32_t type);
+extern int netlink_list_flowtables(struct netlink_ctx *ctx,
+ const struct handle *h,
+ const struct location *loc);
+
extern void netlink_dump_chain(const struct nftnl_chain *nlc,
struct netlink_ctx *ctx);
extern void netlink_dump_rule(const struct nftnl_rule *nlr,
diff --git a/include/rule.h b/include/rule.h
index 58c4aeef..33bb24fa 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -35,6 +35,7 @@ struct position_spec {
* @chain: chain name (chains and rules only)
* @set: set name (sets only)
* @obj: stateful object name (stateful object only)
+ * @flowtable: flow table name (flow table only)
* @handle: rule handle (rules only)
* @position: rule position (rules only)
* @set_id: set ID (sets only)
@@ -45,6 +46,7 @@ struct handle {
const char *chain;
const char *set;
const char *obj;
+ const char *flowtable;
struct handle_spec handle;
struct position_spec position;
uint32_t set_id;
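Review bot: The new `const char *flowtable` member of `struct handle` needs the same lifetime handling as `chain`, `set` and `obj`, and that cannot be confirmed here because the diff is limited to `include/`. Whatever code frees and merges a `struct handle` should also release and copy `flowtable`, otherwise the name is leaked or dropped when handles are merged. The same check applies to the `flowtables` list head added to `struct table` in the `@@ -113,6 +116,7 @@` hunk, which must be initialised when the table is allocated and emptied when it is freed. The body of `struct handle` starts and ends outside this hunk.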
@@ -102,6 +104,7 @@ enum table_flags {
* @chains: chains contained in the table
* @sets: sets contained in the table
* @objs: stateful objects contained in the table
+ * @flowtables: flow tables contained in the table
* @flags: table flags
* @refcnt: table reference counter
*/
@@ -113,6 +116,7 @@ struct table {
struct list_head chains;
struct list_head sets;
struct list_head objs;
+ struct list_head flowtables;
enum table_flags flags;
unsigned int refcnt;
};
@@ -319,6 +323,24 @@ void obj_print_plain(const struct obj *obj, struct output_ctx *octx);
const char *obj_type_name(uint32_t type);
uint32_t obj_type_to_cmd(uint32_t type);
+struct flowtable {
+ struct list_head list;
+ struct handle handle;
+ struct location location;
+ unsigned int hooknum;
+ int priority;
+ const char **dev_array;
+ int dev_array_len;
+ unsigned int refcnt;
+};
+
+extern struct flowtable *flowtable_alloc(const struct location *loc);
+extern struct flowtable *flowtable_get(struct flowtable *flowtable);
+extern void flowtable_free(struct flowtable *flowtable);
+extern void flowtable_add_hash(struct flowtable *flowtable, struct table *table);
+
+void flowtable_print(const struct flowtable *n, struct output_ctx *octx);
+
/**
* enum cmd_ops - command operations
*
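Review bot: `dev_array_len` in the new `struct flowtable` is a signed `int` although it counts the entries of `dev_array`. A negative value has no meaning here and would become a very large size if it ever reached an allocation or a `size_t` comparison, so `unsigned int dev_array_len;` is the safer declaration. The struct also lacks the kernel-doc block that `struct handle` and `struct table` carry in this header; one should be added that names each member and states whether the strings in `dev_array` are owned by the flowtable and released by `flowtable_free()`. As a point of style, `flowtable_print()` names its parameter `n` and omits `extern`, unlike the four declarations above it.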
@@ -377,6 +399,7 @@ enum cmd_ops {
* @CMD_OBJ_QUOTAS: multiple quotas
* @CMD_OBJ_LIMIT: limit
* @CMD_OBJ_LIMITS: multiple limits
+ * @CMD_OBJ_FLOWTABLES: flow tables
*/
enum cmd_obj {
CMD_OBJ_INVALID,
@@ -403,6 +426,7 @@ enum cmd_obj {
CMD_OBJ_CT_HELPERS,
CMD_OBJ_LIMIT,
CMD_OBJ_LIMITS,
+ CMD_OBJ_FLOWTABLES,
};
struct markup {