xtables: SET target: Add mapping of meta informations (skbinfo ipset extension)

This feature add support of mapping metainformation to packets like nftables maps or ipfw tables. Currently we can map firewall mark, tc priority and hardware NIC queue. Usage of this functionality allowed only from mangle table. We can map tc priority only in OUTPUT/FORWARD/POSTROUTING chains because it rewrite by route decision. If entry doesn't exist in the set nothing of fields changed. Example of classify by destination address: iptables -t mangle -A POSTROUTING -o eth0 -j SET --map-set DST2CLASS dst --map-prio Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com> Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
author: Anton Danilov <littlesmilingcloud@gmail.com> 2014-09-02 14:15:53 +0400
committer: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> 2014-09-14 20:17:32 +0200
commit: 6d9ae2952a440b4ff28e86df6d18b53caa7ecd94 (patch)
tree: d250695fb21b2d77883a6b69d2fc295656b81f43 /include/linux/netfilter/xt_set.h
parent: 1cc84d47766ad74be8609477d3496544848b75b1 (diff)
1 files changed, 10 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_set.h b/include/linux/netfilter/xt_set.h
index 964d3d42..d6a1df1f 100644
--- a/include/linux/netfilter/xt_set.h
+++ b/include/linux/netfilter/xt_set.h
@@ -71,4 +71,14 @@ struct xt_set_info_match_v3 {
 	__u32 flags;
 };
 
+/* Revision 3 target */
+
+struct xt_set_info_target_v3 {
+	struct xt_set_info add_set;
+	struct xt_set_info del_set;
+	struct xt_set_info map_set;
+	__u32 flags;
+	__u32 timeout;
+};
+
 #endif /*_XT_SET_H*/
author	Anton Danilov <littlesmilingcloud@gmail.com>	2014-09-02 14:15:53 +0400
committer	Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>	2014-09-14 20:17:32 +0200
commit	6d9ae2952a440b4ff28e86df6d18b53caa7ecd94 (patch)
tree	d250695fb21b2d77883a6b69d2fc295656b81f43 /include/linux/netfilter/xt_set.h
parent	1cc84d47766ad74be8609477d3496544848b75b1 (diff)