From 1dd9ba1ea23c46d2c9ea1685b458afb9af459e58 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 25 May 2015 12:51:54 +0200
Subject: table: add netdev family support
This adds support for the new 'netdev' family tables.
Signed-off-by: Pablo Neira Ayuso
---
 include/buffer.h | 1 +
 include/libnftnl/table.h | 1 +
 include/linux/netfilter.h | 8 ++++++++
 include/linux/netfilter/nf_tables.h | 2 ++
 4 files changed, 12 insertions(+)
(limited to 'include')
diff --git a/include/buffer.h b/include/buffer.h
index 52942ed..38b6136 100644
--- a/include/buffer.h
+++ b/include/buffer.h
@@ -41,6 +41,7 @@ int nft_buf_reg(struct nft_buf *b, int type, union nft_data_reg *reg,
 #define CHAIN "chain"
 #define CODE "code"
 #define DATA "data"
+#define DEVICE "device"
 #define DIR "dir"
 #define DREG "dreg"
 #define EXTHDR_TYPE "exthdr_type"
diff --git a/include/libnftnl/table.h b/include/libnftnl/table.h
index fac79e7..16df5fa 100644
--- a/include/libnftnl/table.h
+++ b/include/libnftnl/table.h
@@ -22,6 +22,7 @@ enum {
 NFT_TABLE_ATTR_FAMILY,
 NFT_TABLE_ATTR_FLAGS,
 NFT_TABLE_ATTR_USE,
+ NFT_TABLE_ATTR_DEV,
 __NFT_TABLE_ATTR_MAX
 };
 #define NFT_TABLE_ATTR_MAX (__NFT_TABLE_ATTR_MAX - 1)
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index be0bc18..18075f9 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -32,6 +32,7 @@ #define NF_DROP_ERR(x) (((-x) << 16) | NF_DROP) /* only for userspace compatibility */ +#ifndef __KERNEL__ /* Generic cache responses from hook functions. <= 0x2000 is used for protocol-flags. */ #define NFC_UNKNOWN 0x4000
@@ -39,6 +40,7 @@ /* NF_VERDICT_BITS should be 8 now, but userspace might break if this changes */ #define NF_VERDICT_BITS 16 +#endif enum nf_inet_hooks { NF_INET_PRE_ROUTING,
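Review bot: `NFT_TABLE_ATTR_DEV` in the include/libnftnl/table.h hunk is added to a public enum with no comment on what type the attribute carries or who owns its storage. The neighbouring `NFT_TABLE_ATTR_FAMILY`, `_FLAGS` and `_USE` are equally bare, but the new one corresponds to a kernel attribute that nf_tables.h documents as NLA_STRING, so callers need to know whether the setter copies the string and when it is freed. The setter, getter and free paths are outside this include-only view, so once confirmed against them I would add something like `/* const char *: net device name; copied on set, released with the table */` above the enumerator. Appending it just before `__NFT_TABLE_ATTR_MAX` keeps the existing enumerator values stable; the enum itself opens before the hunk.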
@@ -49,11 +51,17 @@ enum nf_inet_hooks { NF_INET_NUMHOOKS }; +enum nf_dev_hooks { + NF_NETDEV_INGRESS, + NF_NETDEV_NUMHOOKS +}; + enum { NFPROTO_UNSPEC = 0, NFPROTO_INET = 1, NFPROTO_IPV4 = 2, NFPROTO_ARP = 3, + NFPROTO_NETDEV = 5, NFPROTO_BRIDGE = 7, NFPROTO_IPV6 = 10, NFPROTO_DECNET = 12,
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 5fa1cd0..89a671e 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -146,12 +146,14 @@ enum nft_table_flags {
 * @NFTA_TABLE_NAME: name of the table (NLA_STRING)
 * @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32)
 * @NFTA_TABLE_USE: number of chains in this table (NLA_U32)
+ * @NFTA_TABLE_DEV: net device name (NLA_STRING)
 */
 enum nft_table_attributes {
 NFTA_TABLE_UNSPEC,
 NFTA_TABLE_NAME,
 NFTA_TABLE_FLAGS,
 NFTA_TABLE_USE,
+ NFTA_TABLE_DEV,
 __NFTA_TABLE_MAX
 };
 #define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
-- cgit v1.2.3
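Review bot: `NF_NETDEV_INGRESS` is the first enumerator of the new `enum nf_dev_hooks` and so has value 0, the same as `NF_INET_PRE_ROUTING` in the enum just above it, which means a hook number no longer identifies a hook without its family. Any code that converts a hook number to a name or bounds-checks it against `NF_INET_NUMHOOKS` (none is visible in this include-only view) must test for `NFPROTO_NETDEV` first, or a netdev ingress chain would be printed or accepted as prerouting. A short comment on the new enum, e.g. `/* hook numbers are per-family: valid only with NFPROTO_NETDEV */`, would make that explicit, if local comments are acceptable in this copy of the kernel header.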
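Review bot: The new doc line for `NFTA_TABLE_DEV` in nf_tables.h gives the attribute type (NLA_STRING) but no length bound. Linux interface names are limited to IFNAMSIZ bytes including the terminator, and whatever parses or copies this attribute (not visible here) has to enforce that limit and the NUL termination itself rather than trust the sender. Provided the kernel-side policy does use that limit, I would record it in the comment: `* @NFTA_TABLE_DEV: net device name (NLA_STRING, at most IFNAMSIZ - 1 characters)`. The comment block this line joins starts before the hunk.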