diff options
author | Eric Leblond <eric@regit.org> | 2013-12-29 19:28:10 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-01-04 01:07:39 +0100 |
commit | 079041bd477f444d29e02c6442351c0ed6ffaa1e (patch) | |
tree | b4472282e4aaab269d4425af453e957c1e82a008 /include/linux | |
parent | 35f9338e6ae0169b9a8fd665d4f02608224010c5 (diff) |
src: add support for queue
This patch adds support for the queue target. It is now possible
to specify rule sending packet to a given queue and using load
balancing:
nft add rule filter output queue num 3 total 2 options fanout
Signed-off-by: Eric Leblond <eric@regit.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/linux')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index a236cc31..1d5a9253 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -587,6 +587,26 @@ enum nft_log_attributes { #define NFTA_LOG_MAX (__NFTA_LOG_MAX - 1) /** + * enum nft_queue_attributes - nf_tables queue expression netlink attributes + * + * @NFTA_QUEUE_NUM: netlink group to send messages to (NLA_U32) + * @NFTA_QUEUE_TOTAL: prefix to prepend to log messages (NLA_STRING) + * @NFTA_QUEUE_FLAGS: length of payload to include in netlink message (NLA_U32) + */ +enum nft_queue_attributes { + NFTA_QUEUE_UNSPEC, + NFTA_QUEUE_NUM, + NFTA_QUEUE_TOTAL, + NFTA_QUEUE_FLAGS, + __NFTA_QUEUE_MAX +}; +#define NFTA_QUEUE_MAX (__NFTA_QUEUE_MAX - 1) + +#define NFT_QUEUE_FLAG_BYPASS 0x01 /* for compatibility with v2 */ +#define NFT_QUEUE_FLAG_CPU_FANOUT 0x02 /* use current CPU (no hashing) */ +#define NFT_QUEUE_FLAG_MASK 0x03 + +/** * enum nft_reject_types - nf_tables reject expression reject types * * @NFT_REJECT_ICMP_UNREACH: reject using ICMP unreachable |