summaryrefslogtreecommitdiffstats
path: root/include/linux/netfilter
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2013-10-22 15:03:52 +0200
committerFlorian Westphal <fw@strlen.de>2014-02-18 22:31:07 +0100
commit2fcce8b0677b31a5566d4b0e2d7432e8f678aabc (patch)
treec1924e84d72d566526f22b4c663dd05141695dee /include/linux/netfilter
parent71dc2810574a373dd1969088b7484933e40f6b46 (diff)
ct: connlabel matching support
Takes advantage of the fact that the current maximum label storage area is 128 bits, i.e. the dynamically allocated extension area in the kernel will always fit into a nft register. Currently this re-uses rt_symbol_table_init() to read connlabel.conf. This works since the format is pretty much the same. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'include/linux/netfilter')
-rw-r--r--include/linux/netfilter/nf_tables.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 448593c0..ff9b0a73 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -586,6 +586,7 @@ enum nft_meta_attributes {
* @NFT_CT_PROTOCOL: conntrack layer 4 protocol
* @NFT_CT_PROTO_SRC: conntrack layer 4 protocol source
* @NFT_CT_PROTO_DST: conntrack layer 4 protocol destination
+ * @NFT_CT_LABELS: conntrack label bitset (stored in conntrack extension)
*/
enum nft_ct_keys {
NFT_CT_STATE,
@@ -601,6 +602,7 @@ enum nft_ct_keys {
NFT_CT_PROTOCOL,
NFT_CT_PROTO_SRC,
NFT_CT_PROTO_DST,
+ NFT_CT_LABEL,
};
/**