Diffstat (limited to 'include')
-rw-r--r-- | include/libnftnl/object.h | 4 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 18 | ||||
-rw-r--r-- | include/obj.h | 4 |
3 files changed, 25 insertions, 1 deletions
diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
index 0279705..4ce2230 100644
--- a/include/libnftnl/object.h
+++ b/include/libnftnl/object.h
@@ -97,6 +97,10 @@ enum {
 NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR,
 };
+enum {
+ NFTNL_OBJ_SECMARK_CTX = NFTNL_OBJ_BASE,
+};
+
 struct nftnl_obj;
 struct nftnl_obj *nftnl_obj_alloc(void);
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index da2c291..f2ee638 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1161,6 +1161,21 @@ enum nft_quota_attributes {
 #define NFTA_QUOTA_MAX (__NFTA_QUOTA_MAX - 1)
 /**
+ * enum nft_secmark_attributes - nf_tables secmark expression netlink attributes
+ *
+ * @NFTA_SECMARK_CTX: security context (NLA_STRING)
+ */
+enum nft_secmark_attributes {
+ NFTA_SECMARK_UNSPEC,
+ NFTA_SECMARK_CTX,
+ __NFTA_SECMARK_MAX,
+};
+#define NFTA_SECMARK_MAX (__NFTA_SECMARK_MAX - 1)
+
+/* Max security context length */
+#define NFT_SECMARK_CTX_MAXLEN 256
+
+/**
  * enum nft_reject_types - nf_tables reject expression reject types
  *
  * @NFT_REJECT_ICMP_UNREACH: reject using ICMP unreachable
@@ -1416,7 +1431,8 @@ enum nft_ct_timeout_attributes {
 #define NFT_OBJECT_CONNLIMIT 5
 #define NFT_OBJECT_TUNNEL 6
 #define NFT_OBJECT_CT_TIMEOUT 7
-#define __NFT_OBJECT_MAX 8
+#define NFT_OBJECT_SECMARK 8
+#define __NFT_OBJECT_MAX 9
 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1)
 /**
diff --git a/include/obj.h b/include/obj.h
index 26184da..435d8a0 100644
--- a/include/obj.h
+++ b/include/obj.h
@@ -77,6 +77,9 @@ struct nftnl_obj {
 } tun_erspan;
 } u;
 } tunnel;
+ struct nftnl_obj_secmark {
+ char ctx[NFT_SECMARK_CTX_MAXLEN];
+ } secmark;
 } data;
 };
@@ -100,6 +103,7 @@ extern struct obj_ops obj_ops_ct_helper;
 extern struct obj_ops obj_ops_ct_timeout;
 extern struct obj_ops obj_ops_limit;
 extern struct obj_ops obj_ops_tunnel;
+extern struct obj_ops obj_ops_secmark;
 #define nftnl_obj_data(obj) (void *)&obj->data
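Review bot: The new public attribute `NFTNL_OBJ_SECMARK_CTX` in the added anonymous enum of include/libnftnl/object.h carries no comment stating the value's type or bound, even though the other hunks of this diff fix it as a string held in a buffer of NFT_SECMARK_CTX_MAXLEN bytes. I would annotate the enumerator in place: `NFTNL_OBJ_SECMARK_CTX = NFTNL_OBJ_BASE, /* security context label, string, bounded by NFT_SECMARK_CTX_MAXLEN */`. Whether that limit counts the terminating NUL is not settled by this diff, and the setter and getter that enforce it are not shown, so the comment should be checked against them before it claims an exact character count.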
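Review bot: The added `/* Max security context length */` above `NFT_SECMARK_CTX_MAXLEN 256` in include/linux/netfilter/nf_tables.h does not say whether 256 bounds the NLA_STRING payload including its NUL or the label text alone, and the obj.h hunk in this same diff sizes its `char ctx[]` to exactly this macro, so any off-by-one in reading the limit becomes a missing terminator on the library side. Because this file is a copy of the kernel uapi header, its text should stay verbatim with the kernel rather than be reworded here; the caveat belongs in libnftnl's own code, where every copy into a NFT_SECMARK_CTX_MAXLEN buffer must be bounded, e.g. `snprintf(ctx, sizeof(ctx), "%s", src)` with a length check on the input, and an attribute whose length reaches the maximum should be validated before use. The parser and setter that would do that are not part of this diff.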
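Review bot: `char ctx[NFT_SECMARK_CTX_MAXLEN]` in the new `struct nftnl_obj_secmark` in include/obj.h is sized exactly to the protocol maximum with no byte set aside for a terminator, so whether a maximum-length NFTA_SECMARK_CTX payload leaves `ctx` NUL-terminated depends entirely on the (not shown) setter and netlink parser bounding their copy to `sizeof(ctx) - 1` or using `snprintf(ctx, sizeof(ctx), "%s", ...)`. That invariant should be documented on the field: `char ctx[NFT_SECMARK_CTX_MAXLEN]; /* NUL-terminated; writers must bound the copy to sizeof(ctx) */`. The field also depends on NFT_SECMARK_CTX_MAXLEN from linux/netfilter/nf_tables.h, and whether obj.h already includes that header is not visible in this hunk. The enclosing `struct nftnl_obj` and its `data` member begin before the hunk.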