authorWillem de Bruijn <>2013-01-23 16:00:58 +0000
committerPablo Neira Ayuso <>2013-04-02 00:08:21 +0200
commite0a0dd703b3448f0f07fc59b7232bf1f1cce7b86 (patch)
tree27cad8d433a409d96b46269518d442048b725df5 /include
parent71eddedcbf7aebe0cd05421d13b049dd710eaf7f (diff)
extensions: add libxt_bpf extension
Add user-space code to support the new BPF iptables extension. Pablo has mangled the original patch to: * include a copy of include/linux/netfilter/xt_bpf.h in the tree. * I have also removed the --bytecode-file option. The original proposal was to accept BPF code in a file in human readable format. Now, with the nfbpf_compile utility, it's very easy to generate the filter using tcpdump-like syntax. * I have removed the trailing comma in the backtick format, the parser works just fine for me here. * Fix error message if --bytecode is missing. Signed-off-by: Willem de Bruijn <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include')
1 files changed, 17 insertions, 0 deletions
diff --git a/include/linux/netfilter/xt_bpf.h b/include/linux/netfilter/xt_bpf.h
new file mode 100644
index 00000000..5dda450e
--- /dev/null
+++ b/include/linux/netfilter/xt_bpf.h
@@ -0,0 +1,17 @@
+#ifndef _XT_BPF_H
+#define _XT_BPF_H
+#include <linux/filter.h>
+#include <linux/types.h>
+#define XT_BPF_MAX_NUM_INSTR 64
+struct xt_bpf_info {
+ __u16 bpf_program_num_elem;
+ struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
+ /* only used in the kernel */
+ struct sk_filter *filter __attribute__((aligned(8)));
+#endif /*_XT_BPF_H */
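Review bot: `bpf_program_num_elem` is a `__u16`, so it can carry values far larger than the 64 slots of `bpf_program[]`, and nothing in the header says the count must stay within `XT_BPF_MAX_NUM_INSTR`. A comment on the field such as `/* number of valid entries in bpf_program[]; must be <= XT_BPF_MAX_NUM_INSTR */` would state the invariant that every reader and writer of the array has to enforce; the user-space parser and the kernel-side check are not visible here because the diff is limited to include/. The `filter` member is marked kernel-only but is still part of the struct handed across the user/kernel boundary, so the existing comment could add that user space presumably should leave it zeroed and never interpret it. As this file is a copy of the kernel header, the comments are best proposed upstream too so the two copies do not drift.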