Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 6 | ||||
-rw-r--r-- | include/mnl.h | 3 | ||||
-rw-r--r-- | include/netlink.h | 4 | ||||
-rw-r--r-- | include/rule.h | 24 |
4 files changed, 37 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 2efbf974..b2d36004 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -92,6 +92,9 @@ enum nft_verdicts { * @NFT_MSG_GETOBJ: get a stateful object (enum nft_obj_attributes) * @NFT_MSG_DELOBJ: delete a stateful object (enum nft_obj_attributes) * @NFT_MSG_GETOBJ_RESET: get and reset a stateful object (enum nft_obj_attributes) + * @NFT_MSG_NEWFLOWTABLE: add new flow table (enum nft_flowtable_attributes) + * @NFT_MSG_GETFLOWTABLE: get flow table (enum nft_flowtable_attributes) + * @NFT_MSG_DELFLOWTABLE: delete flow table (enum nft_flowtable_attributes) */ enum nf_tables_msg_types { NFT_MSG_NEWTABLE, @@ -116,6 +119,9 @@ enum nf_tables_msg_types { NFT_MSG_GETOBJ, NFT_MSG_DELOBJ, NFT_MSG_GETOBJ_RESET, + NFT_MSG_NEWFLOWTABLE, + NFT_MSG_GETFLOWTABLE, + NFT_MSG_DELFLOWTABLE, NFT_MSG_MAX, }; diff --git a/include/mnl.h b/include/mnl.h index 4662cd04..4475e7f8 100644 --- a/include/mnl.h +++ b/include/mnl.h @@ -89,6 +89,9 @@ int mnl_nft_obj_batch_add(struct nftnl_obj *nln, struct nftnl_batch *batch, int mnl_nft_obj_batch_del(struct nftnl_obj *nln, struct nftnl_batch *batch, unsigned int flags, uint32_t seqnum); +struct nftnl_flowtable_list * +mnl_nft_flowtable_dump(struct netlink_ctx *ctx, int family, const char *table); + struct nftnl_ruleset *mnl_nft_ruleset_dump(struct netlink_ctx *ctx, uint32_t family); int mnl_nft_event_listener(struct mnl_socket *nf_sock, unsigned int debug_mask, diff --git a/include/netlink.h b/include/netlink.h index 2c4250e7..387eb9d8 100644 --- a/include/netlink.h +++ b/include/netlink.h 
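Review bot: In the include/mnl.h hunk, `mnl_nft_flowtable_dump()` declares `int family`, while `mnl_nft_ruleset_dump()`, the other dump prototype visible in the same hunk, declares `uint32_t family`. The value presumably ends up in a netlink header field, so an unsigned type avoids a signed-to-unsigned conversion at the boundary: `mnl_nft_flowtable_dump(struct netlink_ctx *ctx, uint32_t family, const char *table);`. The prototype also returns an allocated list with no statement of ownership or failure value; a comment such as `/* Caller releases the returned list; failure return to be confirmed against the implementation. */` would help callers avoid leaks and unchecked dereferences.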
@@ -179,6 +179,10 @@ extern int netlink_add_obj(struct netlink_ctx *ctx, const struct handle *h, extern int netlink_delete_obj(struct netlink_ctx *ctx, const struct handle *h, struct location *loc, uint32_t type); +extern int netlink_list_flowtables(struct netlink_ctx *ctx, + const struct handle *h, + const struct location *loc); + extern void netlink_dump_chain(const struct nftnl_chain *nlc, struct netlink_ctx *ctx); extern void netlink_dump_rule(const struct nftnl_rule *nlr, diff --git a/include/rule.h b/include/rule.h index 58c4aeef..33bb24fa 100644 --- a/include/rule.h +++ b/include/rule.h @@ -35,6 +35,7 @@ struct position_spec { * @chain: chain name (chains and rules only) * @set: set name (sets only) * @obj: stateful object name (stateful object only) + * @flowtable: flow table name (flow table only) * @handle: rule handle (rules only) * @position: rule position (rules only) * @set_id: set ID (sets only) @@ -45,6 +46,7 @@ struct handle { const char *chain; const char *set; const char *obj; + const char *flowtable; struct handle_spec handle; struct position_spec position; uint32_t set_id; @@ -102,6 +104,7 @@ enum table_flags { * @chains: chains contained in the table * @sets: sets contained in the table * @objs: stateful objects contained in the table + * @flowtables: flow tables contained in the table * @flags: table flags * @refcnt: table reference counter */ @@ -113,6 +116,7 @@ struct table { struct list_head chains; struct list_head sets; struct list_head objs; + struct list_head flowtables; enum table_flags flags; unsigned int refcnt; }; 
@@ -319,6 +323,24 @@ void obj_print_plain(const struct obj *obj, struct output_ctx *octx); const char *obj_type_name(uint32_t type); uint32_t obj_type_to_cmd(uint32_t type); +struct flowtable { + struct list_head list; + struct handle handle; + struct location location; + unsigned int hooknum; + int priority; + const char **dev_array; + int dev_array_len; + unsigned int refcnt; +}; + +extern struct flowtable *flowtable_alloc(const struct location *loc); +extern struct flowtable *flowtable_get(struct flowtable *flowtable); +extern void flowtable_free(struct flowtable *flowtable); +extern void flowtable_add_hash(struct flowtable *flowtable, struct table *table); + +void flowtable_print(const struct flowtable *n, struct output_ctx *octx); + /** * enum cmd_ops - command operations * @@ -377,6 +399,7 @@ enum cmd_ops { * @CMD_OBJ_QUOTAS: multiple quotas * @CMD_OBJ_LIMIT: limit * @CMD_OBJ_LIMITS: multiple limits + * @CMD_OBJ_FLOWTABLES: flow tables */ enum cmd_obj { CMD_OBJ_INVALID, @@ -403,6 +426,7 @@ enum cmd_obj { CMD_OBJ_CT_HELPERS, CMD_OBJ_LIMIT, CMD_OBJ_LIMITS, + CMD_OBJ_FLOWTABLES, }; struct markup { |
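Review bot: In the new `struct flowtable` (include/rule.h, hunk at -319,6 +323,24), `dev_array_len` is a signed `int` paired with `const char **dev_array`. A count that can be negative is a hazard for any loop bound or allocation size derived from it, so `unsigned int dev_array_len;` would be safer and would match `hooknum` and `refcnt` in the same struct. The struct also has no kernel-doc block, unlike `struct handle` and `struct table` elsewhere in this diff. A `/** struct flowtable - ... */` comment should list each field and say whether `flowtable_free()` releases the `dev_array` strings despite the `const` qualifier, since that ownership is not visible from the header. As a style point, `flowtable_print()` names its parameter `n` where the neighbouring prototypes use `flowtable`.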