author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-01-20 20:19:20 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-30 23:50:23 +0100 |
commit | 9e62dc8637f210cdeaed784396fecab9b6e5f043 (patch) | |
tree | e53163246d426495c972e8176f6c681067ecddec /include/linux | |
parent | 0aad20f3979e3b6becd40e4ed5bba8d09d90706e (diff) |
xtables-restore: support atomic commit
Use new services in nf_tables to support atomic commit.
Commit per table: although a single global commit is supported,
call commit for each table to emulate iptables-restore
behaviour for now.
Keep table dormant/wake up code in iptables/nft.c as it can
be used in the future.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index bdab3f2e..5385bf32 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -35,6 +35,8 @@ enum nf_tables_msg_types {
 NFT_MSG_NEWSETELEM,
 NFT_MSG_GETSETELEM,
 NFT_MSG_DELSETELEM,
+ NFT_MSG_COMMIT,
+ NFT_MSG_ABORT,
 NFT_MSG_MAX,
 };
@@ -83,12 +85,18 @@ enum nft_chain_attributes {
 };
 #define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1)
+enum {
+ NFT_RULE_F_COMMIT = (1 << 0),
+ NFT_RULE_F_MASK = NFT_RULE_F_COMMIT,
+};
+
 enum nft_rule_attributes {
 NFTA_RULE_UNSPEC,
 NFTA_RULE_TABLE,
 NFTA_RULE_CHAIN,
 NFTA_RULE_HANDLE,
 NFTA_RULE_EXPRESSIONS,
+ NFTA_RULE_FLAGS,
 __NFTA_RULE_MAX
 };
 #define NFTA_RULE_MAX (__NFTA_RULE_MAX - 1) |
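Review bot: `NFT_MSG_COMMIT` and `NFT_MSG_ABORT` are added to `enum nf_tables_msg_types` without a comment saying what each message does to the pending updates, although these values are the wire protocol between xtables-restore and the kernel. I would add something like `/* NFT_MSG_COMMIT: apply the pending rule updates; NFT_MSG_ABORT: discard them */`, with the wording confirmed against the kernel side, which is not part of this diff. Placing them directly before `NFT_MSG_MAX` keeps the existing message numbers stable, but this file is a local copy of the header, so the numeric values should be checked against the kernel tree the tool is meant to run on. The enum begins outside the hunk.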
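Review bot: `NFT_RULE_F_MASK` is defined as the set of valid rule flags, but nothing in the header says that a receiver of `NFTA_RULE_FLAGS` is expected to reject bits outside it, and the mask has to be widened by hand whenever a flag is added. I would name and comment the enum, e.g. `enum nft_rule_flags {` with `/* NFT_RULE_F_MASK: all valid flags; values with other bits set must be rejected */`, and note next to `NFTA_RULE_FLAGS` which netlink type carries it (presumably a 32-bit value; not visible here). The anonymous enum is also inconsistent with the named `enum nft_rule_attributes` directly below it. If more flags are expected, writing `(1U << 0)` avoids a signed shift once higher bits come into use.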