summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter/nf_tables.h
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2013-06-13 17:25:57 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-06-24 11:49:31 +0200
commitc355e3b7502ff5089bac2fc41a7a981a3f331d1a (patch)
treeef4133d8fb4248a9fbf4f1fb3d8455229033eb00 /include/linux/netfilter/nf_tables.h
parentad0b381c4bf80b330130de9c2a3c9fab110c63b6 (diff)
src: get it sync with current include/linux/netfilter/nf_tables.h
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux/netfilter/nf_tables.h')
-rw-r--r--include/linux/netfilter/nf_tables.h48
1 files changed, 44 insertions, 4 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 1c230730..a236cc31 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1,6 +1,8 @@
#ifndef _LINUX_NF_TABLES_H
#define _LINUX_NF_TABLES_H
+#define NFT_CHAIN_MAXNAMELEN 32
+
enum nft_registers {
NFT_REG_VERDICT,
NFT_REG_1,
@@ -46,6 +48,8 @@ enum nf_tables_msg_types {
NFT_MSG_NEWSETELEM,
NFT_MSG_GETSETELEM,
NFT_MSG_DELSETELEM,
+ NFT_MSG_COMMIT,
+ NFT_MSG_ABORT,
NFT_MSG_MAX,
};
@@ -76,6 +80,15 @@ enum nft_hook_attributes {
#define NFTA_HOOK_MAX (__NFTA_HOOK_MAX - 1)
/**
+ * enum nft_table_flags - nf_tables table flags
+ *
+ * @NFT_TABLE_F_DORMANT: this table is not active
+ */
+enum nft_table_flags {
+ NFT_TABLE_F_DORMANT = 0x1,
+};
+
+/**
* enum nft_table_attributes - nf_tables table netlink attributes
*
* @NFTA_TABLE_NAME: name of the table (NLA_STRING)
@@ -83,6 +96,7 @@ enum nft_hook_attributes {
enum nft_table_attributes {
NFTA_TABLE_UNSPEC,
NFTA_TABLE_NAME,
+ NFTA_TABLE_FLAGS,
__NFTA_TABLE_MAX
};
#define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
@@ -97,12 +111,22 @@ enum nft_table_attributes {
enum nft_chain_attributes {
NFTA_CHAIN_UNSPEC,
NFTA_CHAIN_TABLE,
+ NFTA_CHAIN_HANDLE,
NFTA_CHAIN_NAME,
NFTA_CHAIN_HOOK,
+ NFTA_CHAIN_POLICY,
+ NFTA_CHAIN_USE,
+ NFTA_CHAIN_TYPE,
+ NFTA_CHAIN_COUNTERS,
__NFTA_CHAIN_MAX
};
#define NFTA_CHAIN_MAX (__NFTA_CHAIN_MAX - 1)
+enum {
+ NFT_RULE_F_COMMIT = (1 << 0),
+ NFT_RULE_F_MASK = NFT_RULE_F_COMMIT,
+};
+
/**
* enum nft_rule_attributes - nf_tables rule netlink attributes
*
@@ -117,10 +141,25 @@ enum nft_rule_attributes {
NFTA_RULE_CHAIN,
NFTA_RULE_HANDLE,
NFTA_RULE_EXPRESSIONS,
+ NFTA_RULE_FLAGS,
+ NFTA_RULE_COMPAT,
__NFTA_RULE_MAX
};
#define NFTA_RULE_MAX (__NFTA_RULE_MAX - 1)
+enum nft_rule_compat_flags {
+ NFT_RULE_COMPAT_F_INV = (1 << 1),
+ NFT_RULE_COMPAT_F_MASK = NFT_RULE_COMPAT_F_INV,
+};
+
+enum nft_rule_compat_attributes {
+ NFTA_RULE_COMPAT_UNSPEC,
+ NFTA_RULE_COMPAT_PROTO,
+ NFTA_RULE_COMPAT_FLAGS,
+ __NFTA_RULE_COMPAT_MAX
+};
+#define NFTA_RULE_COMPAT_MAX (__NFTA_RULE_COMPAT_MAX - 1)
+
/**
* enum nft_set_flags - nf_tables set flags
*
@@ -595,10 +634,11 @@ enum nft_nat_types {
enum nft_nat_attributes {
NFTA_NAT_UNSPEC,
NFTA_NAT_TYPE,
- NFTA_NAT_ADDR_MIN,
- NFTA_NAT_ADDR_MAX,
- NFTA_NAT_PROTO_MIN,
- NFTA_NAT_PROTO_MAX,
+ NFTA_NAT_FAMILY,
+ NFTA_NAT_REG_ADDR_MIN,
+ NFTA_NAT_REG_ADDR_MAX,
+ NFTA_NAT_REG_PROTO_MIN,
+ NFTA_NAT_REG_PROTO_MAX,
__NFTA_NAT_MAX
};
#define NFTA_NAT_MAX (__NFTA_NAT_MAX - 1)