diff options
author | Florian Westphal <fw@strlen.de> | 2017-02-21 18:11:31 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-03-16 10:09:42 +0100 |
commit | 5ca4eb30d62e0ab2768d64de5c70931292213338 (patch) | |
tree | a54d95ecbb4de9deeeee83f1353421ef690f135e /include/rule.h | |
parent | f2af2b2ad1c4dd68bd5bbf3c763f0f1513281c0c (diff) |
src: add initial ct helper support
This adds initial support for defining conntrack helper objects
which can then be assigned to connections using the objref infrastructure:
table ip filter {
ct helper ftp-standard {
type "ftp" protocol tcp
}
chain y {
tcp dport 21 ct helper set "ftp-standard"
}
}
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/rule.h')
-rw-r--r-- | include/rule.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h index ed12774d..d89a963d 100644 --- a/include/rule.h +++ b/include/rule.h @@ -260,6 +260,12 @@ struct quota { uint32_t flags; }; +struct ct { + char helper_name[16]; + uint16_t l3proto; + uint8_t l4proto; +}; + /** * struct obj - nftables stateful object statement * @@ -277,6 +283,7 @@ struct obj { union { struct counter counter; struct quota quota; + struct ct ct; }; }; |