Diffstat (limited to 'include/internal')
-rw-r--r--include/internal/internal.h1
-rw-r--r--include/internal/object.h12
-rw-r--r--include/internal/proto.h1
-rw-r--r--include/internal/prototypes.h3
4 files changed, 11 insertions, 6 deletions
diff --git a/include/internal/internal.h b/include/internal/internal.h
index 2ef8a90..7cd7c44 100644
--- a/include/internal/internal.h
+++ b/include/internal/internal.h
@@ -14,7 +14,6 @@
#include <arpa/inet.h>
#include <time.h>
#include <errno.h>
-#include <netinet/in.h>
#include <libnfnetlink/libnfnetlink.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
diff --git a/include/internal/object.h b/include/internal/object.h
index 75ffdbe..8854ef2 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -6,6 +6,7 @@
#ifndef _NFCT_OBJECT_H_
#define _NFCT_OBJECT_H_
+#include <internal/bitops.h>
#include <libnetfilter_conntrack/libnetfilter_conntrack.h>
/*
@@ -223,12 +224,13 @@ struct nfct_filter {
enum nfct_filter_logic logic[NFCT_FILTER_MAX];
/*
- * This the layer 4 protocol map for filtering. Not more than
- * 255 protocols (maximum is IPPROTO_MAX which is 256). Actually,
- * I doubt that anyone can reach such a limit.
+ * This the layer 4 protocol map for filtering. Not more than 255
+ * protocols. Although IPPROTO_MAX is currently 263, there are many
+ * fewer protocols defined in netinet/in.h, so no one should reach this
+ * limit.
*/
#define __FILTER_L4PROTO_MAX 255
- uint32_t l4proto_map[IPPROTO_MAX/32];
+ uint32_t l4proto_map[DIV_ROUND_UP(IPPROTO_MAX, 32)];
uint32_t l4proto_len;
struct {
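Review bot: The comment above `l4proto_map` does not say why the array length is rounded up, which is the safety-relevant part of this line. IPPROTO_MAX is not a multiple of 32 (the comment itself gives 263), so the old truncating division left the highest protocol numbers without a backing word, and a bit set for one of them would land past the end of the array. I would add `/* one bit per protocol number; rounded up so every value below IPPROTO_MAX has a backing word */` next to the declaration and fix "This the" to "This is the". The comment also quotes a 255 limit through `__FILTER_L4PROTO_MAX` while the array is sized from IPPROTO_MAX; the code that sets bits is outside this hunk, so confirm it bounds the protocol number against the array's capacity rather than against either constant alone. `struct nfct_filter` starts and ends outside the hunk.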
@@ -286,10 +288,12 @@ struct nfct_filter {
*/
struct nfct_filter_dump {
+ struct nf_conntrack ct;
struct nfct_filter_dump_mark mark;
struct nfct_filter_dump_mark status;
uint8_t l3num;
uint32_t set;
+ uint16_t zone;
};
/*
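Review bot: The new `ct` and `zone` members of `struct nfct_filter_dump` are undocumented, and nothing in the hunk says how a reader of the structure knows they hold valid data (presumably a bit in `set`, as for the existing members). Because a whole `struct nf_conntrack` is embedded by value, any allocation site that does not zero the structure would now expose an uninitialised conntrack object to whatever consumes `ct`. The allocator is not visible here, so confirm it uses `calloc` or an explicit `memset`. A comment such as `/* valid only when the corresponding bit in set is raised */` on both fields would make the contract explicit.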
diff --git a/include/internal/proto.h b/include/internal/proto.h
index 40e7bfe..60a5f4e 100644
--- a/include/internal/proto.h
+++ b/include/internal/proto.h
@@ -2,6 +2,7 @@
#define _NFCT_PROTO_H_
#include <stdint.h>
+#include <netinet/in.h>
#include <linux/icmp.h>
#include <linux/icmpv6.h>
diff --git a/include/internal/prototypes.h b/include/internal/prototypes.h
index c0047b3..82a3f29 100644
--- a/include/internal/prototypes.h
+++ b/include/internal/prototypes.h
@@ -35,7 +35,8 @@ void __copy_fast(struct nf_conntrack *ct1, const struct nf_conntrack *ct);
int __setup_netlink_socket_filter(int fd, struct nfct_filter *filter);
-void __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
+int __build_filter_dump(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
+int __build_filter_flush(struct nfnlhdr *req, size_t size, const struct nfct_filter_dump *filter_dump);
int nfct_build_tuple(struct nlmsghdr *nlh, const struct __nfct_tuple *t, int type);
int nfct_parse_tuple(const struct nlattr *attr, struct __nfct_tuple *tuple, int dir, uint32_t *set);
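Review bot: Changing `__build_filter_dump` from `void` to `int` lets call sites written against the old prototype keep compiling while discarding the new result, so a failed build could go unnoticed and the request still be sent. Both this prototype and the new `__build_filter_flush` should state the return convention, for example `/* returns 0 on success, -1 on error */` if that matches the implementation, which is not visible here. Adding `__attribute__((warn_unused_result))` to both would make the compiler report unchecked callers.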