diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-08-22 17:26:31 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-08-27 00:38:01 +0200 |
commit | 2e27f2468ea69bd4ef15b7582e5d0ebe85c80da8 (patch) | |
tree | 22ca140eb616714782908c7843559a6981afb9b9 /include/rule.h | |
parent | facb3d65ae911418ee10ca2fd1c1ed9a9749cf3b (diff) |
src: allow to specify the base chain type
This patch allows you to specify the type of the base chain, eg.
add table mangle
add chain mangle OUTPUT { type route hook NF_INET_LOCAL_OUT 0; }
The chain type determines the semantics of the chain, we currently
have three types:
* filter, used for plain packet filtering.
* nat, it only sees the first packet of the flow.
* route, which is the equivalent of the iptables mangle table, that
triggers a re-route if there is any change in some of the packet header
fields, eg. IP TOS/DSCP, or the packet metainformation, eg. mark.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/rule.h')
-rw-r--r-- | include/rule.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h index 2577cff5..4f684319 100644 --- a/include/rule.h +++ b/include/rule.h @@ -100,6 +100,7 @@ enum chain_flags { * @flags: chain flags * @hooknum: hook number (base chains) * @priority: hook priority (base chains) + * @type: chain type * @rules: rules contained in the chain */ struct chain { @@ -109,6 +110,7 @@ struct chain { uint32_t flags; unsigned int hooknum; unsigned int priority; + const char *type; struct scope scope; struct list_head rules; }; |