summaryrefslogtreecommitdiffstats
path: root/include/rule.h
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2016-11-28 00:03:50 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-01-03 14:21:53 +0100
commitdeaf962ebd7c6b9d8a161d9378a710031e4f1dd6 (patch)
tree8e885dfedb3eefafa29bd46edc1ebe09f5f8c41c /include/rule.h
parentb139f738f558d6afb8c8f3e73526f578b059abd6 (diff)
src: add support for stateful object maps
You can create these maps using explicit map declarations: # nft add table filter # nft add chain filter input { type filter hook input priority 0\; } # nft add map filter badguys { type ipv4_addr : counter \; } # nft add rule filter input counter name ip saddr map @badguys # nft add counter filter badguy1 # nft add counter filter badguy2 # nft add element filter badguys { 192.168.2.3 : "badguy1" } # nft add element filter badguys { 192.168.2.4 : "badguy2" } Or through implicit map definitions: table ip filter { counter http-traffic { packets 8 bytes 672 } chain input { type filter hook input priority 0; policy accept; counter name tcp dport map { 80 : "http-traffic", 443 : "http-traffic"} } } Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/rule.h')
-rw-r--r--include/rule.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 9028c84b..86c0392f 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -212,6 +212,7 @@ extern struct rule *rule_lookup(const struct chain *chain, uint64_t handle);
* @keylen: key length
* @datatype: mapping data type
* @datalen: mapping data len
+ * @objtype: mapping object type
* @init: initializer
* @policy: set mechanism policy
* @desc: set mechanism desc
@@ -228,6 +229,7 @@ struct set {
unsigned int keylen;
const struct datatype *datatype;
unsigned int datalen;
+ uint32_t objtype;
struct expr *init;
uint32_t policy;
struct {