summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2015-09-29 18:21:54 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-09-30 17:32:10 +0200
commitb870b949470af0b1b578590b38efdd80048b539e (patch)
tree21fbd7c71aa63e3a95b0d4be80d56664b17b2cb7 /include
parentde2ebd0e1d43361ecd879170b40bac76a503aa65 (diff)
src: add dup statement support
This allows you to clone packets to destination address, eg. ... dup to 172.20.0.2 ... dup to 172.20.0.2 device eth1 ... dup to ip saddr map { 192.168.0.2 : 172.20.0.2, ... } device eth1 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/linux/netfilter/nf_tables.h14
-rw-r--r--include/meta.h2
-rw-r--r--include/statement.h10
3 files changed, 26 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index db0457d9..5ebe3d85 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -936,6 +936,20 @@ enum nft_redir_attributes {
#define NFTA_REDIR_MAX (__NFTA_REDIR_MAX - 1)
/**
+ * enum nft_tee_attributes - nf_tables tee expression netlink attributes
+ *
+ * @NFTA_DUP_SREG_ADDR: source register of destination (NLA_U32: nft_registers)
+ * @NFTA_DUP_SREG_DEV: output interface name (NLA_U32: nft_register)
+ */
+enum nft_tee_attributes {
+ NFTA_DUP_UNSPEC,
+ NFTA_DUP_SREG_ADDR,
+ NFTA_DUP_SREG_DEV,
+ __NFTA_DUP_MAX
+};
+#define NFTA_DUP_MAX (__NFTA_DUP_MAX - 1)
+
+/**
* enum nft_gen_attributes - nf_tables ruleset generation attributes
*
* @NFTA_GEN_ID: Ruleset generation ID (NLA_U32)
diff --git a/include/meta.h b/include/meta.h
index 459221fb..abe74ec0 100644
--- a/include/meta.h
+++ b/include/meta.h
@@ -26,4 +26,6 @@ struct meta_template {
extern struct expr *meta_expr_alloc(const struct location *loc,
enum nft_meta_keys key);
+const struct datatype ifindex_type;
+
#endif /* NFTABLES_META_H */
diff --git a/include/statement.h b/include/statement.h
index bead0a6f..8b035d31 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -105,6 +105,13 @@ struct ct_stmt {
extern struct stmt *ct_stmt_alloc(const struct location *loc,
enum nft_ct_keys key,
struct expr *expr);
+struct dup_stmt {
+ struct expr *to;
+ struct expr *dev;
+};
+
+struct stmt *dup_stmt_alloc(const struct location *loc);
+uint32_t dup_stmt_type(const char *type);
struct set_stmt {
struct expr *set;
@@ -131,6 +138,7 @@ extern struct stmt *set_stmt_alloc(const struct location *loc);
* @STMT_QUEUE: QUEUE statement
* @STMT_CT: conntrack statement
* @STMT_SET: set statement
+ * @STMT_DUP: dup statement
*/
enum stmt_types {
STMT_INVALID,
@@ -147,6 +155,7 @@ enum stmt_types {
STMT_QUEUE,
STMT_CT,
STMT_SET,
+ STMT_DUP,
};
/**
@@ -197,6 +206,7 @@ struct stmt {
struct queue_stmt queue;
struct ct_stmt ct;
struct set_stmt set;
+ struct dup_stmt dup;
};
};