path: root/include/rule.h
diff options
authorTomasz Bursztyka <>2013-09-04 12:50:19 +0300
committerPablo Neira Ayuso <>2013-09-04 12:31:17 +0200
commit108d9f6b3af0f70459fb7ccc1dfc5452d3f3646e (patch)
tree69f0d49bbc5e8daf02129b47caeee7ea4457d87b /include/rule.h
parentffad92b5f34d9960d8c6b1c70041b347634a2a76 (diff)
src: Wrap netfilter hooks around human readable strings
This allows to use unique, human readable, hook names for the command line and let the user being unaware of the complex netfilter's hook names and there difference depending on the netfilter family. So: add chain foo bar { type route hook NF_INET_LOCAL_IN 0; } becomes: add chain foo bar { type route hook input 0; } It also fixes then the difference in hook values between families. I.e. ARP family has different values for input, forward and output compared to IPv4, IPv6 or bridge. Signed-off-by: Tomasz Bursztyka <> Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include/rule.h')
1 files changed, 3 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 4f684319..1de23dce 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -98,6 +98,7 @@ enum chain_flags {
* @handle: chain handle
* @location: location the chain was defined at
* @flags: chain flags
+ * @hookstr: unified and human readable hook name (base chains)
* @hooknum: hook number (base chains)
* @priority: hook priority (base chains)
* @type: chain type
@@ -108,6 +109,7 @@ struct chain {
struct handle handle;
struct location location;
uint32_t flags;
+ const char *hookstr;
unsigned int hooknum;
unsigned int priority;
const char *type;
@@ -115,6 +117,7 @@ struct chain {
struct list_head rules;
+extern const char *chain_hookname_lookup(const char *name);
extern struct chain *chain_alloc(const char *name);
extern void chain_free(struct chain *chain);
extern void chain_add_hash(struct chain *chain, struct table *table);