From 1154021c599257edf2c3dcb4d29f6b4dcb67643a Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Tue, 6 Sep 2011 13:47:43 +0200 Subject: src: add NFQNL_MSG_VERDICT_BATCH support add nfq_set_verdict_batch() and nfq_set_verdict_batch2 (to also set the nfmark of all packets). verdicts sent by the _batch variant will affect all queued skbs whose id is smaller or equal to the given id. This facility is available from Linux 3.1 onwards. Signed-off-by: Florian Westphal Signed-off-by: Pablo Neira Ayuso --- include/libnetfilter_queue/libnetfilter_queue.h | 9 +++++++++ include/libnetfilter_queue/linux_nfnetlink_queue.h | 1 + 2 files changed, 10 insertions(+) (limited to 'include') diff --git a/include/libnetfilter_queue/libnetfilter_queue.h b/include/libnetfilter_queue/libnetfilter_queue.h index 295de66..28bf2b1 100644 --- a/include/libnetfilter_queue/libnetfilter_queue.h +++ b/include/libnetfilter_queue/libnetfilter_queue.h @@ -69,6 +69,15 @@ extern int nfq_set_verdict2(struct nfq_q_handle *qh, u_int32_t datalen, const unsigned char *buf); +extern int nfq_set_verdict_batch(struct nfq_q_handle *qh, + u_int32_t id, + u_int32_t verdict); + +extern int nfq_set_verdict_batch2(struct nfq_q_handle *qh, + u_int32_t id, + u_int32_t verdict, + u_int32_t mark); + extern __attribute__((deprecated)) int nfq_set_verdict_mark(struct nfq_q_handle *qh, u_int32_t id, diff --git a/include/libnetfilter_queue/linux_nfnetlink_queue.h b/include/libnetfilter_queue/linux_nfnetlink_queue.h index 191b094..6b4f86d 100644 --- a/include/libnetfilter_queue/linux_nfnetlink_queue.h +++ b/include/libnetfilter_queue/linux_nfnetlink_queue.h @@ -11,6 +11,7 @@ enum nfqnl_msg_types { NFQNL_MSG_PACKET, /* packet from kernel to userspace */ NFQNL_MSG_VERDICT, /* verdict from userspace to kernel */ NFQNL_MSG_CONFIG, /* connect to a particular queue */ + NFQNL_MSG_VERDICT_BATCH, /* batch verdict from userspace to kernel */ NFQNL_MSG_MAX }; -- cgit v1.2.3