diff options
author | Florian Westphal <fw@strlen.de> | 2017-02-19 22:49:51 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-03-16 10:08:59 +0100 |
commit | 4b89c0cb0883f638ff1abbc2ff47c43cdc26aac5 (patch) | |
tree | 7f17cc130bd6c4d8a47861869a0286b00e4d4410 /include | |
parent | 5d24b4686f7b3e3f3858afbc986d0d14c0ab044c (diff) |
src: ct helper support
add support for ct helper objects, these are used to assign helpers to
connections, similar to iptables -j CT --set-helper target.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/libnftnl/object.h | 6 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 12 | ||||
-rw-r--r-- | include/obj.h | 6 |
3 files changed, 23 insertions, 1 deletions
diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h index ca3abea..ccd9d19 100644 --- a/include/libnftnl/object.h +++ b/include/libnftnl/object.h @@ -34,6 +34,12 @@ enum { NFTNL_OBJ_QUOTA_FLAGS, }; +enum { + NFTNL_OBJ_CT_HELPER_NAME = NFTNL_OBJ_BASE, + NFTNL_OBJ_CT_HELPER_L3PROTO, + NFTNL_OBJ_CT_HELPER_L4PROTO, +}; + struct nftnl_obj; struct nftnl_obj *nftnl_obj_alloc(void); diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index a9280a6..8f38426 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -1260,10 +1260,20 @@ enum nft_fib_flags { NFTA_FIB_F_PRESENT = 1 << 5, /* check existence only */ }; +enum nft_ct_helper_attributes { + NFTA_CT_HELPER_UNSPEC, + NFTA_CT_HELPER_NAME, + NFTA_CT_HELPER_L3PROTO, + NFTA_CT_HELPER_L4PROTO, + __NFTA_CT_HELPER_MAX, +}; +#define NFTA_CT_HELPER_MAX (__NFTA_CT_HELPER_MAX - 1) + #define NFT_OBJECT_UNSPEC 0 #define NFT_OBJECT_COUNTER 1 #define NFT_OBJECT_QUOTA 2 -#define __NFT_OBJECT_MAX 3 +#define NFT_OBJECT_CT_HELPER 3 +#define __NFT_OBJECT_MAX 4 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1) /** diff --git a/include/obj.h b/include/obj.h index edbf023..d90919f 100644 --- a/include/obj.h +++ b/include/obj.h @@ -30,6 +30,11 @@ struct nftnl_obj { uint64_t consumed; uint32_t flags; } quota; + struct nftnl_obj_ct_helper { + uint16_t l3proto; + uint8_t l4proto; + char name[16]; + } ct_helper; } data; }; @@ -49,6 +54,7 @@ struct obj_ops { extern struct obj_ops obj_ops_counter; extern struct obj_ops obj_ops_quota; +extern struct obj_ops obj_ops_ct_helper; #define nftnl_obj_data(obj) (void *)&obj->data |