From deaf962ebd7c6b9d8a161d9378a710031e4f1dd6 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 28 Nov 2016 00:03:50 +0100 Subject: src: add support for stateful object maps You can create these maps using explicit map declarations: # nft add table filter # nft add chain filter input { type filter hook input priority 0\; } # nft add map filter badguys { type ipv4_addr : counter \; } # nft add rule filter input counter name ip saddr map @badguys # nft add counter filter badguy1 # nft add counter filter badguy2 # nft add element filter badguys { 192.168.2.3 : "badguy1" } # nft add element filter badguys { 192.168.2.4 : "badguy2" } Or through implicit map definitions: table ip filter { counter http-traffic { packets 8 bytes 672 } chain input { type filter hook input priority 0; policy accept; counter name tcp dport map { 80 : "http-traffic", 443 : "http-traffic"} } } Signed-off-by: Pablo Neira Ayuso --- include/rule.h | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include') diff --git a/include/rule.h b/include/rule.h index 9028c84b..86c0392f 100644 --- a/include/rule.h +++ b/include/rule.h @@ -212,6 +212,7 @@ extern struct rule *rule_lookup(const struct chain *chain, uint64_t handle); * @keylen: key length * @datatype: mapping data type * @datalen: mapping data len + * @objtype: mapping object type * @init: initializer * @policy: set mechanism policy * @desc: set mechanism desc @@ -228,6 +229,7 @@ struct set { unsigned int keylen; const struct datatype *datatype; unsigned int datalen; + uint32_t objtype; struct expr *init; uint32_t policy; struct { -- cgit v1.2.3