From 609a13fc2999e0f2f6910480ac079f3cfdabbd55 Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera
Date: Sat, 7 Sep 2019 18:05:01 +0200
Subject: src: synproxy stateful object support

This patch adds synproxy stateful object support.

Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso
---
 include/libnftnl/object.h | 6 ++++++
 include/linux/netfilter/nf_tables.h | 3 ++-
 include/obj.h | 6 ++++++
 3 files changed, 14 insertions(+), 1 deletion(-)

(limited to 'include')

diff --git a/include/libnftnl/object.h b/include/libnftnl/object.h
index cce0713..c5ea88e 100644
--- a/include/libnftnl/object.h
+++ b/include/libnftnl/object.h
@@ -86,6 +86,12 @@ enum {
 NFTNL_OBJ_LIMIT_FLAGS,
 };
 
+enum {
+ NFTNL_OBJ_SYNPROXY_MSS = NFTNL_OBJ_BASE,
+ NFTNL_OBJ_SYNPROXY_WSCALE,
+ NFTNL_OBJ_SYNPROXY_FLAGS,
+};
+
 enum {
 NFTNL_OBJ_TUNNEL_ID = NFTNL_OBJ_BASE,
 NFTNL_OBJ_TUNNEL_IPV4_SRC,
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 75e083e..2e49bc6 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1481,7 +1481,8 @@ enum nft_ct_expectation_attributes {
 #define NFT_OBJECT_CT_TIMEOUT 7
 #define NFT_OBJECT_SECMARK 8
 #define NFT_OBJECT_CT_EXPECT 9
-#define __NFT_OBJECT_MAX 10
+#define NFT_OBJECT_SYNPROXY 10
+#define __NFT_OBJECT_MAX 11
 #define NFT_OBJECT_MAX (__NFT_OBJECT_MAX - 1)
 
 /**
diff --git a/include/obj.h b/include/obj.h
index 9394d79..10f806c 100644
--- a/include/obj.h
+++ b/include/obj.h
@@ -56,6 +56,11 @@ struct nftnl_obj {
 uint32_t type;
 uint32_t flags;
 } limit;
+ struct nftnl_obj_synproxy {
+ uint16_t mss;
+ uint8_t wscale;
+ uint32_t flags;
+ } synproxy;
 struct nftnl_obj_tunnel {
 uint32_t id;
 uint32_t src_v4;
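Review bot: The three attribute ids added to include/libnftnl/object.h are public API but give no hint of the value width each one takes, and the widths differ: the struct added in include/obj.h stores mss as uint16_t, wscale as uint8_t and flags as uint32_t. A caller that uses a setter of the wrong width is either rejected or copies the wrong number of bytes, depending on validation code that is not visible in this view. I would annotate each line, e.g. `NFTNL_OBJ_SYNPROXY_MSS = NFTNL_OBJ_BASE, /* uint16_t */`, `NFTNL_OBJ_SYNPROXY_WSCALE, /* uint8_t */`, `NFTNL_OBJ_SYNPROXY_FLAGS, /* uint32_t */`.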
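Review bot: In include/obj.h the new `struct nftnl_obj_synproxy` does not state the valid range or byte order of its fields, and the code that fills it from netlink attributes is not in this view (the page is limited to 'include'). `wscale` is a uint8_t, so it can carry values well above the TCP window-scale maximum of 14, and `flags` accepts any 32-bit pattern; if the library forwards these unchecked, only the kernel's own validation rejects a nonsensical synproxy configuration. I would add field comments such as `uint8_t wscale; /* TCP window scale, 0..14 */` and `uint16_t mss; /* presumably host byte order, confirm */`, and confirm that the parse callback checks each attribute's length before reading it into these fields. The enclosing struct nftnl_obj starts and ends outside the hunk.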
@@ -108,6 +113,7 @@ extern struct obj_ops obj_ops_ct_helper;
 extern struct obj_ops obj_ops_ct_timeout;
 extern struct obj_ops obj_ops_ct_expect;
 extern struct obj_ops obj_ops_limit;
+extern struct obj_ops obj_ops_synproxy;
 extern struct obj_ops obj_ops_tunnel;
 extern struct obj_ops obj_ops_secmark;
 
-- 
cgit v1.2.3
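Review bot: The added `extern struct obj_ops obj_ops_synproxy;` only declares the ops; its definition and its registration in whatever table maps NFT_OBJECT_* types to ops are outside this view (the page is limited to 'include'). The same commit raises `__NFT_OBJECT_MAX` to 11 in include/linux/netfilter/nf_tables.h, so any lookup bounded by that macro now admits type 10, and an unregistered slot would presumably yield a NULL ops pointer that callers may not check. It is worth confirming that the registration landed in this commit, and adding a comment above this list such as `/* one entry per NFT_OBJECT_* type; keep in sync with the ops table */`.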