Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nftables
Pablo Neira Ayuso says: <pablo@netfilter.org> ==================== nftables updates for net-next The following patchset contains nftables updates for your net-next tree, they are: * Add set operation to the meta expression by means of the select_ops() infrastructure, this allows us to set the packet mark among other things. From Arturo Borrero Gonzalez. * Fix wrong format in sscanf in nf_tables_set_alloc_name(), from Daniel Borkmann. * Add new queue expression to nf_tables. This comes with two previous patches to prepare this new feature, one to add mask in nf_tables_core to evaluate the queue verdict appropriately and another to refactor common code with xt_NFQUEUE, from Eric Leblond. * Do not hide nftables from Kconfig if nfnetlink is not enabled, also from Eric Leblond. * Add the reject expression to nf_tables, this adds the missing TCP RST support. It comes with an initial patch to refactor common code with xt_NFQUEUE, again from Eric Leblond. * Remove an unused variable assignment in nf_tables_dump_set(), from Michal Nazarewicz. * Remove the nft_meta_target code, now that Arturo added the set operation to the meta expression, from me. * Add help information for nf_tables to Kconfig, also from me. * Allow to dump all sets by specifying NFPROTO_UNSPEC, similar feature is available to other nf_tables objects, requested by Arturo, from me. * Expose the table usage counter, so we can know how many chains are using this table without dumping the list of chains, from Tomasz Bursztyka. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
@@ -110,11 +110,13 @@ enum nft_table_flags {
|
||||
*
|
||||
* @NFTA_TABLE_NAME: name of the table (NLA_STRING)
|
||||
* @NFTA_TABLE_FLAGS: bitmask of enum nft_table_flags (NLA_U32)
|
||||
* @NFTA_TABLE_USE: number of chains in this table (NLA_U32)
|
||||
*/
|
||||
enum nft_table_attributes {
|
||||
NFTA_TABLE_UNSPEC,
|
||||
NFTA_TABLE_NAME,
|
||||
NFTA_TABLE_FLAGS,
|
||||
NFTA_TABLE_USE,
|
||||
__NFTA_TABLE_MAX
|
||||
};
|
||||
#define NFTA_TABLE_MAX (__NFTA_TABLE_MAX - 1)
|
||||
@@ -553,11 +555,13 @@ enum nft_meta_keys {
|
||||
*
|
||||
* @NFTA_META_DREG: destination register (NLA_U32)
|
||||
* @NFTA_META_KEY: meta data item to load (NLA_U32: nft_meta_keys)
|
||||
* @NFTA_META_SREG: source register (NLA_U32)
|
||||
*/
|
||||
enum nft_meta_attributes {
|
||||
NFTA_META_UNSPEC,
|
||||
NFTA_META_DREG,
|
||||
NFTA_META_KEY,
|
||||
NFTA_META_SREG,
|
||||
__NFTA_META_MAX
|
||||
};
|
||||
#define NFTA_META_MAX (__NFTA_META_MAX - 1)
|
||||
@@ -657,6 +661,26 @@ enum nft_log_attributes {
|
||||
};
|
||||
#define NFTA_LOG_MAX (__NFTA_LOG_MAX - 1)
|
||||
|
||||
/**
|
||||
* enum nft_queue_attributes - nf_tables queue expression netlink attributes
|
||||
*
|
||||
* @NFTA_QUEUE_NUM: netlink queue to send messages to (NLA_U16)
|
||||
* @NFTA_QUEUE_TOTAL: number of queues to load balance packets on (NLA_U16)
|
||||
* @NFTA_QUEUE_FLAGS: various flags (NLA_U16)
|
||||
*/
|
||||
enum nft_queue_attributes {
|
||||
NFTA_QUEUE_UNSPEC,
|
||||
NFTA_QUEUE_NUM,
|
||||
NFTA_QUEUE_TOTAL,
|
||||
NFTA_QUEUE_FLAGS,
|
||||
__NFTA_QUEUE_MAX
|
||||
};
|
||||
#define NFTA_QUEUE_MAX (__NFTA_QUEUE_MAX - 1)
|
||||
|
||||
#define NFT_QUEUE_FLAG_BYPASS 0x01 /* for compatibility with v2 */
|
||||
#define NFT_QUEUE_FLAG_CPU_FANOUT 0x02 /* use current CPU (no hashing) */
|
||||
#define NFT_QUEUE_FLAG_MASK 0x03
|
||||
|
||||
/**
|
||||
* enum nft_reject_types - nf_tables reject expression reject types
|
||||
*
|
||||
|
||||
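Review bot: The comment on `NFT_QUEUE_FLAG_BYPASS` in the third hunk (`/* for compatibility with v2 */`) does not say what the flag does, and the kernel-doc line for `NFTA_QUEUE_FLAGS` says only "various flags" without naming the `NFT_QUEUE_FLAG_*` bits. If the flag carries the same meaning as the xt_NFQUEUE bypass option (the packet is not dropped when no userspace listener is bound to the queue), that is a fail-open setting that anyone writing a filtering ruleset needs to see in the UAPI header; I would write `* @NFTA_QUEUE_FLAGS: bitmask of NFT_QUEUE_FLAG_* (NLA_U16)` and `/* do not drop the packet if no listener is bound to the queue */`, to be confirmed against the expression's eval code, which is not in this file. The header also defines `NFT_QUEUE_FLAG_MASK`, so the queue expression's init code presumably rejects bits outside it; that is worth checking, since it is not visible here. The comment block for `enum nft_reject_types` continues past the end of the hunk.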