diff options
| author | Patrick McHardy <kaber@trash.net> | 2015-04-05 08:43:38 -0400 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-04-08 10:58:27 -0400 |
| commit | 68e942e88add0ac8576fc8397e86495edf3dcea7 (patch) | |
| tree | a068c331abf3b14574ecc9bab024a879bcb21bcb /include/net | |
| parent | 22fe54d5fefcfa98c58cc2f4607dd26d9648b3f5 (diff) | |
netfilter: nf_tables: support optional userdata for set elements
Add an userdata set extension and allow the user to attach arbitrary
data to set elements. This is intended to hold TLV encoded data like
comments or DNS annotations that have no meaning to the kernel.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
| -rw-r--r-- | include/net/netfilter/nf_tables.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 38c3496f7bf2..63c44bdfdd3b 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h | |||
| @@ -350,6 +350,7 @@ void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set, | |||
| 350 | * @NFT_SET_EXT_FLAGS: element flags | 350 | * @NFT_SET_EXT_FLAGS: element flags |
| 351 | * @NFT_SET_EXT_TIMEOUT: element timeout | 351 | * @NFT_SET_EXT_TIMEOUT: element timeout |
| 352 | * @NFT_SET_EXT_EXPIRATION: element expiration time | 352 | * @NFT_SET_EXT_EXPIRATION: element expiration time |
| 353 | * @NFT_SET_EXT_USERDATA: user data associated with the element | ||
| 353 | * @NFT_SET_EXT_NUM: number of extension types | 354 | * @NFT_SET_EXT_NUM: number of extension types |
| 354 | */ | 355 | */ |
| 355 | enum nft_set_extensions { | 356 | enum nft_set_extensions { |
| @@ -358,6 +359,7 @@ enum nft_set_extensions { | |||
| 358 | NFT_SET_EXT_FLAGS, | 359 | NFT_SET_EXT_FLAGS, |
| 359 | NFT_SET_EXT_TIMEOUT, | 360 | NFT_SET_EXT_TIMEOUT, |
| 360 | NFT_SET_EXT_EXPIRATION, | 361 | NFT_SET_EXT_EXPIRATION, |
| 362 | NFT_SET_EXT_USERDATA, | ||
| 361 | NFT_SET_EXT_NUM | 363 | NFT_SET_EXT_NUM |
| 362 | }; | 364 | }; |
| 363 | 365 | ||
| @@ -464,6 +466,11 @@ static inline unsigned long *nft_set_ext_expiration(const struct nft_set_ext *ex | |||
| 464 | return nft_set_ext(ext, NFT_SET_EXT_EXPIRATION); | 466 | return nft_set_ext(ext, NFT_SET_EXT_EXPIRATION); |
| 465 | } | 467 | } |
| 466 | 468 | ||
| 469 | static inline struct nft_userdata *nft_set_ext_userdata(const struct nft_set_ext *ext) | ||
| 470 | { | ||
| 471 | return nft_set_ext(ext, NFT_SET_EXT_USERDATA); | ||
| 472 | } | ||
| 473 | |||
| 467 | static inline bool nft_set_elem_expired(const struct nft_set_ext *ext) | 474 | static inline bool nft_set_elem_expired(const struct nft_set_ext *ext) |
| 468 | { | 475 | { |
| 469 | return nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION) && | 476 | return nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION) && |