expr: extend fwd statement to support address and family

Allow to forward packets through to explicit destination and interface. nft add rule netdev x y fwd ip to 192.168.2.200 device eth0 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2017-11-09 03:42:55 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-06-06 19:18:43 +0200
commit: 30d45266bf38b209df33e4df1a116c60531ae3e5 (patch)
tree: af94699ae6d6a58edf84aabfff31bc82ff44e642 /include/linux/netfilter/nf_tables.h
parent: 57e4a095edc4dab19e14fc8d1bca3febde1ca86c (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 40d43271..f46239ec 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1253,10 +1253,14 @@ enum nft_dup_attributes {
  * enum nft_fwd_attributes - nf_tables fwd expression netlink attributes
  *
  * @NFTA_FWD_SREG_DEV: source register of output interface (NLA_U32: nft_register)
+ * @NFTA_FWD_SREG_ADDR: source register of destination address (NLA_U32: nft_register)
+ * @NFTA_FWD_NFPROTO: layer 3 family of source register address (NLA_U32: enum nfproto)
  */
 enum nft_fwd_attributes {
 	NFTA_FWD_UNSPEC,
 	NFTA_FWD_SREG_DEV,
+	NFTA_FWD_SREG_ADDR,
+	NFTA_FWD_NFPROTO,
 	__NFTA_FWD_MAX
 };
 #define NFTA_FWD_MAX	(__NFTA_FWD_MAX - 1)
author	Pablo Neira Ayuso <pablo@netfilter.org>	2017-11-09 03:42:55 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-06-06 19:18:43 +0200
commit	30d45266bf38b209df33e4df1a116c60531ae3e5 (patch)
tree	af94699ae6d6a58edf84aabfff31bc82ff44e642 /include/linux/netfilter/nf_tables.h
parent	57e4a095edc4dab19e14fc8d1bca3febde1ca86c (diff)