path: root/include/rule.h
diff options
authorPablo Neira Ayuso <>2013-08-22 17:26:31 +0200
committerPablo Neira Ayuso <>2013-08-27 00:38:01 +0200
commit2e27f2468ea69bd4ef15b7582e5d0ebe85c80da8 (patch)
tree22ca140eb616714782908c7843559a6981afb9b9 /include/rule.h
parentfacb3d65ae911418ee10ca2fd1c1ed9a9749cf3b (diff)
src: allow to specify the base chain type
This patch allows you to specify the type of the base chain, eg. add table mangle add chain mangle OUTPUT { type route hook NF_INET_LOCAL_OUT 0; } The chain type determines the semantics of the chain, we currently have three types: * filter, used for plain packet filtering. * nat, it only sees the first packet of the flow. * route, which is the equivalent of the iptables mangle table, that triggers a re-route if there is any change in some of the packet header fields, eg. IP TOS/DSCP, or the packet metainformation, eg. mark. Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'include/rule.h')
1 files changed, 2 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 2577cff5..4f684319 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -100,6 +100,7 @@ enum chain_flags {
* @flags: chain flags
* @hooknum: hook number (base chains)
* @priority: hook priority (base chains)
+ * @type: chain type
* @rules: rules contained in the chain
struct chain {
@@ -109,6 +110,7 @@ struct chain {
uint32_t flags;
unsigned int hooknum;
unsigned int priority;
+ const char *type;
struct scope scope;
struct list_head rules;