Diffstat (limited to 'include')
-rw-r--r--include/libnftnl/gen.h51
-rw-r--r--include/linux/netfilter/nf_tables.h19
2 files changed, 68 insertions, 2 deletions
diff --git a/include/libnftnl/gen.h b/include/libnftnl/gen.h
new file mode 100644
index 0000000..00753b0
--- /dev/null
+++ b/include/libnftnl/gen.h
@@ -0,0 +1,51 @@
+#ifndef _LIBNFTNL_GEN_H_
+#define _LIBNFTNL_GEN_H_
+
+#include <stdio.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <sys/types.h>
+
+#include <libnftnl/common.h>
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+struct nft_gen;
+
+struct nft_gen *nft_gen_alloc(void);
+void nft_gen_free(struct nft_gen *);
+
+enum {
+ NFT_GEN_ID = 0,
+ __NFT_GEN_MAX
+};
+#define NFT_GEN_MAX (__NFT_GEN_MAX - 1)
+
+bool nft_gen_attr_is_set(const struct nft_gen *gen, uint16_t attr);
+void nft_gen_attr_unset(struct nft_gen *gen, uint16_t attr);
+void nft_gen_attr_set(struct nft_gen *gen, uint16_t attr, const void *data);
+void nft_gen_attr_set_data(struct nft_gen *gen, uint16_t attr,
+ const void *data, uint32_t data_len);
+const void *nft_gen_attr_get(struct nft_gen *gen, uint16_t attr);
+const void *nft_gen_attr_get_data(struct nft_gen *gen, uint16_t attr,
+ uint32_t *data_len);
+
+void nft_gen_attr_set_u32(struct nft_gen *gen, uint16_t attr, uint32_t data);
+uint32_t nft_gen_attr_get_u32(struct nft_gen *gen, uint16_t attr);
+
+struct nlmsghdr;
+int nft_gen_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_gen *gen);
+
+int nft_gen_snprintf(char *buf, size_t size, struct nft_gen *gen, uint32_t type, uint32_t flags);
+int nft_gen_fprintf(FILE *fp, struct nft_gen *gen, uint32_t type, uint32_t flags);
+
+#define nft_gen_nlmsg_build_hdr nft_nlmsg_build_hdr
+int nft_gen_nlmsg_parse(const struct nlmsghdr *nlh, struct nft_gen *gen);
+
+#ifdef __cplusplus
+} /* extern "C" */
+#endif
+
+#endif /* _LIBNFTNL_GEN_H_ */
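Review bot: `nft_gen_nlmsg_parse` is declared twice, once after the `struct nlmsghdr;` forward declaration and again after the `nft_gen_nlmsg_build_hdr` define; the second prototype is redundant and should be dropped. The untyped setter `nft_gen_attr_set(gen, attr, data)` takes a `const void *` with no length, so the header should state what `data` must point to, for example `/* NFT_GEN_ID: data points to a uint32_t */` next to the enum, because the implementation (not shown in this diff) presumably copies a fixed size from it. The getters `nft_gen_attr_get*`, `nft_gen_snprintf` and `nft_gen_fprintf` could also take `const struct nft_gen *`, as `nft_gen_attr_is_set` already does, provided the implementation does not modify the object.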
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 36c4ca2..b72ccfe 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -51,6 +51,8 @@ enum nft_verdicts {
* @NFT_MSG_NEWSETELEM: create a new set element (enum nft_set_elem_attributes)
* @NFT_MSG_GETSETELEM: get a set element (enum nft_set_elem_attributes)
* @NFT_MSG_DELSETELEM: delete a set element (enum nft_set_elem_attributes)
+ * @NFT_MSG_NEWGEN: announce a new generation, only for events (enum nft_gen_attributes)
+ * @NFT_MSG_GETGEN: get the rule-set generation (enum nft_gen_attributes)
*/
enum nf_tables_msg_types {
NFT_MSG_NEWTABLE,
@@ -68,6 +70,8 @@ enum nf_tables_msg_types {
NFT_MSG_NEWSETELEM,
NFT_MSG_GETSETELEM,
NFT_MSG_DELSETELEM,
+ NFT_MSG_NEWGEN,
+ NFT_MSG_GETGEN,
NFT_MSG_MAX,
};
@@ -785,7 +789,7 @@ enum nft_nat_types {
* @NFTA_NAT_REG_ADDR_MAX: source register of address range end (NLA_U32: nft_registers)
* @NFTA_NAT_REG_PROTO_MIN: source register of proto range start (NLA_U32: nft_registers)
* @NFTA_NAT_REG_PROTO_MAX: source register of proto range end (NLA_U32: nft_registers)
- * @NFTA_NAT_FLAGS: additional NAT configuration (NF_NAT_RANGE_*) (NLA_U32)
+ * @NFTA_NAT_FLAGS: NAT flags (see NF_NAT_RANGE_* in linux/netfilter/nf_nat.h) (NLA_U32)
*/
enum nft_nat_attributes {
NFTA_NAT_UNSPEC,
@@ -803,7 +807,7 @@ enum nft_nat_attributes {
/**
* enum nft_masq_attributes - nf_tables masquerade expression attributes
*
- * @NFTA_MASQ_FLAGS: additional masquerade configuration (NF_NAT_RANGE_*) (NLA_U32)
+ * @NFTA_MASQ_FLAGS: NAT flags (see NF_NAT_RANGE_* in linux/netfilter/nf_nat.h) (NLA_U32)
*/
enum nft_masq_attributes {
NFTA_MASQ_UNSPEC,
@@ -812,5 +816,16 @@ enum nft_masq_attributes {
};
#define NFTA_MASQ_MAX (__NFTA_MASQ_MAX - 1)
+/**
+ * enum nft_gen_attributes - nf_tables ruleset generation attributes
+ *
+ * @NFTA_GEN_ID: Ruleset generation ID (NLA_U32)
+ */
+enum nft_gen_attributes {
+ NFTA_GEN_UNSPEC,
+ NFTA_GEN_ID,
+ __NFTA_GEN_MAX
+};
+#define NFTA_GEN_MAX (__NFTA_GEN_MAX - 1)
#endif /* _LINUX_NF_TABLES_H */
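Review bot: The kernel-doc line for `@NFTA_GEN_ID` gives only the wire type and says nothing about how a consumer should compare two values. If the ID is a 32-bit counter, as the name suggests, it can wrap, so a reader should test for equality rather than ordering; I would extend the line to ` * @NFTA_GEN_ID: Ruleset generation ID (NLA_U32), compare for equality only`. Tools that snapshot or audit a ruleset would depend on this value to notice a change between two reads, so the contract is worth stating in the header.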