diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-09-29 18:21:54 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-09-30 17:32:10 +0200 |
commit | b870b949470af0b1b578590b38efdd80048b539e (patch) | |
tree | 21fbd7c71aa63e3a95b0d4be80d56664b17b2cb7 /include | |
parent | de2ebd0e1d43361ecd879170b40bac76a503aa65 (diff) |
src: add dup statement support
This allows you to clone packets to destination address, eg.
... dup to 172.20.0.2
... dup to 172.20.0.2 device eth1
... dup to ip saddr map { 192.168.0.2 : 172.20.0.2, ... } device eth1
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 14 | ||||
-rw-r--r-- | include/meta.h | 2 | ||||
-rw-r--r-- | include/statement.h | 10 |
3 files changed, 26 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index db0457d9..5ebe3d85 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -936,6 +936,20 @@ enum nft_redir_attributes { #define NFTA_REDIR_MAX (__NFTA_REDIR_MAX - 1) /** + * enum nft_tee_attributes - nf_tables tee expression netlink attributes + * + * @NFTA_DUP_SREG_ADDR: source register of destination (NLA_U32: nft_registers) + * @NFTA_DUP_SREG_DEV: output interface name (NLA_U32: nft_register) + */ +enum nft_tee_attributes { + NFTA_DUP_UNSPEC, + NFTA_DUP_SREG_ADDR, + NFTA_DUP_SREG_DEV, + __NFTA_DUP_MAX +}; +#define NFTA_DUP_MAX (__NFTA_DUP_MAX - 1) + +/** * enum nft_gen_attributes - nf_tables ruleset generation attributes * * @NFTA_GEN_ID: Ruleset generation ID (NLA_U32) diff --git a/include/meta.h b/include/meta.h index 459221fb..abe74ec0 100644 --- a/include/meta.h +++ b/include/meta.h @@ -26,4 +26,6 @@ struct meta_template { extern struct expr *meta_expr_alloc(const struct location *loc, enum nft_meta_keys key); +const struct datatype ifindex_type; + #endif /* NFTABLES_META_H */ diff --git a/include/statement.h b/include/statement.h index bead0a6f..8b035d31 100644 --- a/include/statement.h +++ b/include/statement.h @@ -105,6 +105,13 @@ struct ct_stmt { extern struct stmt *ct_stmt_alloc(const struct location *loc, enum nft_ct_keys key, struct expr *expr); +struct dup_stmt { + struct expr *to; + struct expr *dev; +}; + +struct stmt *dup_stmt_alloc(const struct location *loc); +uint32_t dup_stmt_type(const char *type); struct set_stmt { struct expr *set; @@ -131,6 +138,7 @@ extern struct stmt *set_stmt_alloc(const struct location *loc); * @STMT_QUEUE: QUEUE statement * @STMT_CT: conntrack statement * @STMT_SET: set statement + * @STMT_DUP: dup statement */ enum stmt_types { STMT_INVALID, @@ -147,6 +155,7 @@ enum stmt_types { STMT_QUEUE, STMT_CT, STMT_SET, + STMT_DUP, }; /** @@ -197,6 +206,7 @@ struct stmt { struct queue_stmt queue; struct ct_stmt ct; struct set_stmt set; + struct dup_stmt dup; }; }; |