diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-05-25 12:51:54 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-05-29 00:25:42 +0200 |
| commit | 1dd9ba1ea23c46d2c9ea1685b458afb9af459e58 (patch) | |
| tree | 49e9a89063b1ecddb047e495fcbafb74b8337cd1 /include | |
| parent | 1c9b43818b9c7bd48b36626d04c9cea94c52fd87 (diff) | |
table: add netdev family support
This adds support for the new 'netdev' family tables.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/buffer.h | 1 | ||||
| -rw-r--r-- | include/libnftnl/table.h | 1 | ||||
| -rw-r--r-- | include/linux/netfilter.h | 8 | ||||
| -rw-r--r-- | include/linux/netfilter/nf_tables.h | 2 |
4 files changed, 12 insertions, 0 deletions
diff --git a/include/buffer.h b/include/buffer.h index 52942ed..38b6136 100644 --- a/include/buffer.h +++ b/include/buffer.h @@ -41,6 +41,7 @@ int nft_buf_reg(struct nft_buf *b, int type, union nft_data_reg *reg, #define CHAIN "chain" #define CODE "code" #define DATA "data" +#define DEVICE "device" #define DIR "dir" #define DREG "dreg" #define EXTHDR_TYPE "exthdr_type" diff --git a/include/libnftnl/table.h b/include/libnftnl/table.h index fac79e7..16df5fa 100644 --- a/include/libnftnl/table.h +++ b/include/libnftnl/table.h @@ -22,6 +22,7 @@ enum { NFT_TABLE_ATTR_FAMILY, NFT_TABLE_ATTR_FLAGS, NFT_TABLE_ATTR_USE, + NFT_TABLE_ATTR_DEV, __NFT_TABLE_ATTR_MAX }; #define NFT_TABLE_ATTR_MAX (__NFT_TABLE_ATTR_MAX - 1) diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h index be0bc18..18075f9 100644 --- a/include/linux/netfilter.h +++ b/include/linux/netfilter.h @@ -32,6 +32,7 @@ #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) /* only for userspace compatibility */ +#ifndef __KERNEL__ /* Generic cache responses from hook functions. <= 0x2000 is used for protocol-flags. */ #define NFC_UNKNOWN 0x4000 @@ -39,6 +40,7 @@ /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ #define NF_VERDICT_BITS 16 +#endif enum nf_inet_hooks { NF_INET_PRE_ROUTING, @@ -49,11 +51,17 @@ enum nf_inet_hooks { NF_INET_NUMHOOKS }; +enum nf_dev_hooks { + NF_NETDEV_INGRESS, + NF_NETDEV_NUMHOOKS +}; + enum { NFPROTO_UNSPEC = 0, NFPROTO_INET = 1, NFPROTO_IPV4 = 2, NFPROTO_ARP = 3, + NFPROTO_NETDEV = 5, NFPROTO_BRIDGE = 7, NFPROTO_IPV6 = 10, NFPROTO_DECNET = 12, diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 5fa1cd0..89a671e 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -146,12 +146,14 @@ enum nft_table_flags { * @NFTA_TABLE_NAME: name of the table (NLA_STRING) * @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32) * @NFTA_TABLE_USE: number of chains in this table (NLA_U32) + * @NFTA_TABLE_DEV: net device name (NLA_STRING) */ enum nft_table_attributes { NFTA_TABLE_UNSPEC, NFTA_TABLE_NAME, NFTA_TABLE_FLAGS, NFTA_TABLE_USE, + NFTA_TABLE_DEV, __NFTA_TABLE_MAX }; #define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1) |