From 92e66d4e07d20e73606e2110144199b81663dc35 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 7 Oct 2010 17:43:50 +0200
Subject: expect: add support for CTA_EXPECT_FLAGS

This patch allows to set the expectation flags from user-space.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/libnetfilter_conntrack/libnetfilter_conntrack.h    | 6 ++++++
 include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 1 +
 2 files changed, 7 insertions(+)

(limited to 'include/libnetfilter_conntrack')

diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 710362c..029eebd 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -496,6 +496,7 @@ enum nf_expect_attr {
 	ATTR_EXP_MASK,		/* pointer to conntrack object */
 	ATTR_EXP_TIMEOUT,	/* u32 bits */
 	ATTR_EXP_ZONE,		/* u16 bits */
+	ATTR_EXP_FLAGS,		/* u32 bits */
 	ATTR_EXP_MAX
 };
 
@@ -643,6 +644,11 @@ enum ip_conntrack_status {
 	IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),
 };
 
+/* expectation flags */
+#define NF_CT_EXPECT_PERMANENT          0x1
+#define NF_CT_EXPECT_INACTIVE           0x2
+#define NF_CT_EXPECT_USERSPACE          0x4
+
 /*
  * TCP flags
  */
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index e17e0c5..1278dda 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -165,6 +165,7 @@ enum ctattr_expect {
 	CTA_EXPECT_ID,
 	CTA_EXPECT_HELP_NAME,
 	CTA_EXPECT_ZONE,
+	CTA_EXPECT_FLAGS,
 	__CTA_EXPECT_MAX
 };
 #define CTA_EXPECT_MAX (__CTA_EXPECT_MAX - 1)
-- 
cgit v1.2.3