Diffstat (limited to 'include')
-rw-r--r-- | include/expression.h | 7 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 27 | ||||
-rw-r--r-- | include/rt.h | 33 |
3 files changed, 67 insertions, 0 deletions
diff --git a/include/expression.h b/include/expression.h
index eda3d98f..3ae4e804 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -35,6 +35,7 @@
 * @EXPR_RELATIONAL: equality and relational expressions
 * @EXPR_NUMGEN: number generation expression
 * @EXPR_HASH: hash expression
+ * @EXPR_RT: routing expression
 */
 enum expr_types {
 EXPR_INVALID,
@@ -59,6 +60,7 @@ enum expr_types {
 EXPR_RELATIONAL,
 EXPR_NUMGEN,
 EXPR_HASH,
+ EXPR_RT,
 };
 enum ops {
@@ -180,6 +182,7 @@ enum expr_flags {
 #include <exthdr.h>
 #include <numgen.h>
 #include <meta.h>
+#include <rt.h>
 #include <hash.h>
 #include <ct.h>
@@ -283,6 +286,10 @@ struct expr {
 enum proto_bases base;
 } meta;
 struct {
+ /* EXPR_RT */
+ enum nft_rt_keys key;
+ } rt;
+ struct {
 /* EXPR_CT */
 enum nft_ct_keys key;
 int8_t direction;
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index e84a9f5b..2d477847 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -753,6 +753,19 @@ enum nft_meta_keys {
 };
 /**
+ * enum nft_rt_keys - nf_tables routing expression keys
+ *
+ * @NFT_RT_CLASSID: realm value of packet's route (skb->dst->tclassid)
+ * @NFT_RT_NEXTHOP4: routing nexthop for IPv4
+ * @NFT_RT_NEXTHOP6: routing nexthop for IPv6
+ */
+enum nft_rt_keys {
+ NFT_RT_CLASSID,
+ NFT_RT_NEXTHOP4,
+ NFT_RT_NEXTHOP6,
+};
+
+/**
 * enum nft_hash_attributes - nf_tables hash expression netlink attributes
 *
 * @NFTA_HASH_SREG: source register (NLA_U32)
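Review bot: In the `struct expr` hunk of include/expression.h, the new `rt.key` member has no stated valid range, and `enum nft_rt_keys` as added in this commit has no upper-bound sentinel, unlike `nft_rt_attributes` with its `NFTA_RT_MAX`. `NFTA_RT_KEY` is documented as an NLA_U32, so any code outside this diff that fills `rt.key` from a netlink attribute and then uses it as a table index (the `rt_template` struct suggests such a table, though none is shown here) needs an explicit bound check against the table size. I would extend the member comment to `/* EXPR_RT: key from NFTA_RT_KEY; must be range-checked before use as an index */` and confirm that the check exists where the key is read. `struct expr` starts and ends outside the hunk.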
@@ -789,6 +802,20 @@ enum nft_meta_attributes {
 #define NFTA_META_MAX (__NFTA_META_MAX - 1)
 /**
+ * enum nft_rt_attributes - nf_tables routing expression netlink attributes
+ *
+ * @NFTA_RT_DREG: destination register (NLA_U32)
+ * @NFTA_RT_KEY: routing data item to load (NLA_U32: nft_rt_keys)
+ */
+enum nft_rt_attributes {
+ NFTA_RT_UNSPEC,
+ NFTA_RT_DREG,
+ NFTA_RT_KEY,
+ __NFTA_RT_MAX
+};
+#define NFTA_RT_MAX (__NFTA_RT_MAX - 1)
+
+/**
 * enum nft_ct_keys - nf_tables ct expression keys
 *
 * @NFT_CT_STATE: conntrack state (bitmask of enum ip_conntrack_info)
diff --git a/include/rt.h b/include/rt.h
new file mode 100644
index 00000000..728cf5f0
--- /dev/null
+++ b/include/rt.h
@@ -0,0 +1,33 @@
+#ifndef NFTABLES_RT_H
+#define NFTABLES_RT_H
+
+/**
+ * struct rt_template - template for routing expressions
+ *
+ * @token: parser token for the expression
+ * @dtype: data type of the expression
+ * @len: length of the expression
+ * @byteorder: byteorder
+ * @invalid: invalidate datatype on allocation from parser
+ */
+struct rt_template {
+ const char *token;
+ const struct datatype *dtype;
+ unsigned int len;
+ enum byteorder byteorder;
+ bool invalid;
+};
+
+#define RT_TEMPLATE(__token, __dtype, __len, __byteorder, __invalid) { \
+ .token = (__token), \
+ .dtype = (__dtype), \
+ .len = (__len), \
+ .byteorder = (__byteorder), \
+ .invalid = (__invalid), \
+}
+
+extern struct expr *rt_expr_alloc(const struct location *loc,
+ enum nft_rt_keys key, bool invalid);
+extern void rt_expr_update_type(struct proto_ctx *ctx, struct expr *expr);
+
+#endif /* NFTABLES_RT_H */ |
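Review bot: The new include/rt.h is not self-contained: it uses `bool`, `enum byteorder`, `enum nft_rt_keys` and pointers to `struct datatype`, `struct location`, `struct proto_ctx` and `struct expr` without including or declaring any of them. It therefore compiles only when something else has already pulled those in, presumably through the position of `#include <rt.h>` in expression.h. Adding `#include <stdbool.h>`, `#include <linux/netfilter/nf_tables.h>` and `struct datatype; struct location; struct proto_ctx; struct expr;` after the include guard, plus the header that defines `enum byteorder`, removes that ordering dependency. The `@len` line in the `rt_template` comment should also state its unit, which the header does not say.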