authorPablo M. Bermudo Garay <pablombg@gmail.com>2017-08-23 22:42:24 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2017-09-04 22:28:18 +0200
commita99bbaf829eea8d2423f28c11531422bfcd21ed5 (patch)
tree38aac2ec7f8a589c044165558833797f5769f191 /include
parent75fd5f1cd6fff96a6aef97a14f7916c984da53ef (diff)
src: limit stateful object support
This patch adds support for a new type of stateful object: limit. Signed-off-by: Pablo M. Bermudo Garay <pablombg@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/libnftnl/object.h8
-rw-r--r--include/linux/netfilter/nf_tables.h3
-rw-r--r--include/obj.h8
3 files changed, 18 insertions, 1 deletions
diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
index ccd9d19..1c3bc7c 100644
--- a/include/libnftnl/object.h
+++ b/include/libnftnl/object.h
@@ -40,6 +40,14 @@ enum {
NFTNL_OBJ_CT_HELPER_L4PROTO,
};
+enum {
+ NFTNL_OBJ_LIMIT_RATE = NFTNL_OBJ_BASE,
+ NFTNL_OBJ_LIMIT_UNIT,
+ NFTNL_OBJ_LIMIT_BURST,
+ NFTNL_OBJ_LIMIT_TYPE,
+ NFTNL_OBJ_LIMIT_FLAGS,
+};
+
struct nftnl_obj;
struct nftnl_obj *nftnl_obj_alloc(void);
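Review bot: The new `NFTNL_OBJ_LIMIT_*` enumerators give no indication of value width, and this public header is what callers read when picking a setter or getter. Going by `struct nftnl_obj_limit` in include/obj.h from the same commit, RATE and UNIT are 64-bit while BURST, TYPE and FLAGS are 32-bit. A caller that hands the untyped `nftnl_obj_set()` a pointer to a narrower object would presumably have the library read past it, though the limit ops that do the copy are not part of this diff. I would annotate each line, e.g. `NFTNL_OBJ_LIMIT_RATE = NFTNL_OBJ_BASE, /* uint64_t */` and `NFTNL_OBJ_LIMIT_BURST, /* uint32_t */`. The enum is anonymous like the one closing just above it, so the comments are the only place this contract can live.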
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 2e174d8..874fa3f 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1278,7 +1278,8 @@ enum nft_ct_helper_attributes {
#define NFT_OBJECT_COUNTER 1
#define NFT_OBJECT_QUOTA 2
#define NFT_OBJECT_CT_HELPER 3
-#define __NFT_OBJECT_MAX 4
+#define NFT_OBJECT_LIMIT 4
+#define __NFT_OBJECT_MAX 5
#define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1)
/**
diff --git a/include/obj.h b/include/obj.h
index d90919f..d17d63a 100644
--- a/include/obj.h
+++ b/include/obj.h
@@ -35,6 +35,13 @@ struct nftnl_obj {
uint8_t l4proto;
char name[16];
} ct_helper;
+ struct nftnl_obj_limit {
+ uint64_t rate;
+ uint64_t unit;
+ uint32_t burst;
+ uint32_t type;
+ uint32_t flags;
+ } limit;
} data;
};
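Review bot: The fields of `struct nftnl_obj_limit` are added without any comment, and `unit`, `type` and `flags` are not self-explanatory: nothing here says what `unit` is measured in or which values `type` and `flags` accept. They presumably mirror the kernel's `NFTA_LIMIT_*` attributes, but that correspondence is not visible in this diff and should be confirmed. A one-line comment above the struct, such as `/* mirrors NFTA_LIMIT_* in linux/netfilter/nf_tables.h; values are stored in host byte order */`, would tell the next reader where the valid ranges are defined (drop the byte-order half if the parser does not convert). The enclosing `data` aggregate opens outside the hunk.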
@@ -55,6 +62,7 @@ struct obj_ops {
extern struct obj_ops obj_ops_counter;
extern struct obj_ops obj_ops_quota;
extern struct obj_ops obj_ops_ct_helper;
+extern struct obj_ops obj_ops_limit;
#define nftnl_obj_data(obj) (void *)&obj->data