From e046e39725859d6efc0cb7588694e4983ec46251 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sat, 19 Jan 2013 20:12:15 +0100 Subject: rule: add support for rule flags Signed-off-by: Pablo Neira Ayuso --- include/libnftables/rule.h | 3 +++ include/linux/netfilter/nf_tables.h | 6 ++++++ 2 files changed, 9 insertions(+) (limited to 'include') diff --git a/include/libnftables/rule.h b/include/libnftables/rule.h index 2cd1bf3..129dd29 100644 --- a/include/libnftables/rule.h +++ b/include/libnftables/rule.h @@ -18,15 +18,18 @@ enum { NFT_RULE_ATTR_TABLE, NFT_RULE_ATTR_CHAIN, NFT_RULE_ATTR_HANDLE, + NFT_RULE_ATTR_FLAGS, }; void nft_rule_attr_set(struct nft_rule *r, uint16_t attr, void *data); +void nft_rule_attr_set_u32(struct nft_rule *r, uint16_t attr, uint32_t val); void nft_rule_attr_set_u64(struct nft_rule *r, uint16_t attr, uint64_t val); void nft_rule_attr_set_str(struct nft_rule *r, uint16_t attr, char *str); void *nft_rule_attr_get(struct nft_rule *r, uint16_t attr); const char *nft_rule_attr_get_str(struct nft_rule *r, uint16_t attr); uint8_t nft_rule_attr_get_u8(struct nft_rule *r, uint16_t attr); +uint32_t nft_rule_attr_get_u32(struct nft_rule *r, uint16_t attr); uint64_t nft_rule_attr_get_u64(struct nft_rule *r, uint16_t attr); void nft_rule_add_expr(struct nft_rule *r, struct nft_rule_expr *expr); diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index a7e84e4..c07d1d3 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -86,12 +86,18 @@ enum nft_chain_attributes { }; #define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1) +enum { + NFT_RULE_F_COMMIT = (1 << 0), + NFT_RULE_F_MASK = NFT_RULE_F_COMMIT, +}; + enum nft_rule_attributes { NFTA_RULE_UNSPEC, NFTA_RULE_TABLE, NFTA_RULE_CHAIN, NFTA_RULE_HANDLE, NFTA_RULE_EXPRESSIONS, + NFTA_RULE_FLAGS, __NFTA_RULE_MAX }; #define NFTA_RULE_MAX (__NFTA_RULE_MAX - 1) -- cgit v1.2.3