netfilter: nf_tables: match on tunnel metadata

This patch allows us to match on the tunnel metadata that is available of the packet. We can use this to validate if the packet comes from/goes to tunnel and the corresponding tunnel ID. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2018-08-02 14:51:46 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-08-03 15:12:19 -0400
commit: aaecfdb5c5dd8bac2dfd112166844a9f2d5711f0 (patch)
tree: 9ade4d7fd7477641b0f142588bcbed29c266016d /include/uapi/linux
parent: af308b94a2a4a5a27bec9028354c4df444a7c8ba (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 3ee1198eeac1..357862d948de 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1647,4 +1647,19 @@ enum nft_tunnel_key_attributes {
 };
 #define NFTA_TUNNEL_KEY_MAX     (__NFTA_TUNNEL_KEY_MAX - 1)
+enum nft_tunnel_keys {
+        NFT_TUNNEL_PATH,
+        NFT_TUNNEL_ID,
+        __NFT_TUNNEL_MAX
+};
+#define NFT_TUNNEL_MAX  (__NFT_TUNNEL_MAX - 1)
+enum nft_tunnel_attributes {
+        NFTA_TUNNEL_UNSPEC,
+        NFTA_TUNNEL_KEY,
+        NFTA_TUNNEL_DREG,
+        __NFTA_TUNNEL_MAX
+};
+#define NFTA_TUNNEL_MAX (__NFTA_TUNNEL_MAX - 1)
 #endif /* _LINUX_NF_TABLES_H */
author	Pablo Neira Ayuso <pablo@netfilter.org>	2018-08-02 14:51:46 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-08-03 15:12:19 -0400
commit	aaecfdb5c5dd8bac2dfd112166844a9f2d5711f0 (patch)
tree	9ade4d7fd7477641b0f142588bcbed29c266016d /include/uapi/linux
parent	af308b94a2a4a5a27bec9028354c4df444a7c8ba (diff)

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 3ee1198eeac1..357862d948de 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -1647,4 +1647,19 @@ enum nft_tunnel_key_attributes {
1647	};	1647	};
1648	#define NFTA_TUNNEL_KEY_MAX (__NFTA_TUNNEL_KEY_MAX - 1)	1648	#define NFTA_TUNNEL_KEY_MAX (__NFTA_TUNNEL_KEY_MAX - 1)
1649		1649
		1650	enum nft_tunnel_keys {
		1651	NFT_TUNNEL_PATH,
		1652	NFT_TUNNEL_ID,
		1653	__NFT_TUNNEL_MAX
		1654	};
		1655	#define NFT_TUNNEL_MAX (__NFT_TUNNEL_MAX - 1)
		1656
		1657	enum nft_tunnel_attributes {
		1658	NFTA_TUNNEL_UNSPEC,
		1659	NFTA_TUNNEL_KEY,
		1660	NFTA_TUNNEL_DREG,
		1661	__NFTA_TUNNEL_MAX
		1662	};
		1663	#define NFTA_TUNNEL_MAX (__NFTA_TUNNEL_MAX - 1)
		1664
1650	#endif /* _LINUX_NF_TABLES_H */	1665	#endif /* _LINUX_NF_TABLES_H */