From e0a0dd703b3448f0f07fc59b7232bf1f1cce7b86 Mon Sep 17 00:00:00 2001
From: Willem de Bruijn
Date: Wed, 23 Jan 2013 16:00:58 +0000
Subject: extensions: add libxt_bpf extension Add user-space code to support the new BPF iptables extension. Pablo has mangled the original patch to: * include a copy of include/linux/netfilter/xt_bpf.h in the tree. * I have also remove the --bytecode-file option. The original proposal was to accept BPF code in a file in human readable format. Now, with the nfbpf_compile utility, it's very easy to generate the filter using tcpdump-like syntax. * I have remove the trailing comma in the backtick format, the parser works just fine for me here. * Fix error message if --bytecode is missing.
Signed-off-by: Willem de Bruijn
Signed-off-by: Pablo Neira Ayuso
---
include/linux/netfilter/xt_bpf.h | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
create mode 100644 include/linux/netfilter/xt_bpf.h
(limited to 'include')
diff --git a/include/linux/netfilter/xt_bpf.h b/include/linux/netfilter/xt_bpf.h
new file mode 100644
index 00000000..5dda450e
--- /dev/null
+++ b/include/linux/netfilter/xt_bpf.h
@@ -0,0 +1,17 @@
+#ifndef _XT_BPF_H
+#define _XT_BPF_H
+
+#include
+#include
+
+#define XT_BPF_MAX_NUM_INSTR 64
+
+struct xt_bpf_info {
+ __u16 bpf_program_num_elem;
+ struct sock_filter bpf_program[XT_BPF_MAX_NUM_INSTR];
+
+ /* only used in the kernel */
+ struct sk_filter *filter __attribute__((aligned(8)));
+};
+
+#endif /*_XT_BPF_H */
-- cgit v1.2.3
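Review bot: `bpf_program_num_elem` in `struct xt_bpf_info` is a count filled in from user space, and nothing in the header states that it must not exceed `XT_BPF_MAX_NUM_INSTR`, so every consumer that walks `bpf_program` has to remember that bound on its own. I would document the contract on the field, for example `/* number of valid entries in bpf_program[]; must be <= XT_BPF_MAX_NUM_INSTR */`. The comment on `filter` could also say that the pointer is kernel-owned state which user space should neither set nor compare, since the struct is shared across the user/kernel boundary. The `--bytecode` parser and the kernel-side check are not part of this hunk, so whether they already enforce the limit cannot be confirmed from here. As the file is described as a copy of the kernel header, any comment change would presumably need to be mirrored there.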