src: add tunnel template support

This patch adds tunnel template support, this allows to attach a metadata template that provides the configuration for the tunnel driver. Example of generic tunnel configuration: table netdev x { tunnel y { id 10 ip saddr 192.168.2.10 ip daddr 192.168.2.11 sport 10 dport 20 ttl 10 } } This still requires the tunnel statement to attach this metadata template, this comes in a follow up patch. Joint work with Fernando. Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2025-08-21 11:12:56 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-08-27 23:50:50 +0200
commit: 35d9c77c5745219ad6bf1c5fc7512c1c92c70457 (patch)
tree: f4bf35cbaf821e4cd36bb055484079375cbb7056 /include/rule.h
parent: 5fb748243550f857bb82cddcdce642f8bf269026 (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h
index 470ae107..0fa87b52 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -492,6 +492,16 @@ struct secmark {
 	char		ctx[NFT_SECMARK_CTX_MAXLEN];
 };
 
+struct tunnel {
+	uint32_t	id;
+	struct expr	*src;
+	struct expr	*dst;
+	uint16_t	sport;
+	uint16_t	dport;
+	uint8_t		tos;
+	uint8_t		ttl;
+};
+
 /**
  * struct obj - nftables stateful object statement
  *
@@ -518,6 +528,7 @@ struct obj {
 		struct secmark		secmark;
 		struct ct_expect	ct_expect;
 		struct synproxy		synproxy;
+		struct tunnel		tunnel;
 	};
 };
 
@@ -664,6 +675,8 @@ enum cmd_obj {
 	CMD_OBJ_CT_EXPECTATIONS,
 	CMD_OBJ_SYNPROXY,
 	CMD_OBJ_SYNPROXYS,
+	CMD_OBJ_TUNNEL,
+	CMD_OBJ_TUNNELS,
 	CMD_OBJ_HOOKS,
 };
author	Pablo Neira Ayuso <pablo@netfilter.org>	2025-08-21 11:12:56 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-08-27 23:50:50 +0200
commit	35d9c77c5745219ad6bf1c5fc7512c1c92c70457 (patch)
tree	f4bf35cbaf821e4cd36bb055484079375cbb7056 /include/rule.h
parent	5fb748243550f857bb82cddcdce642f8bf269026 (diff)