diff options
| author | Anton Danilov <littlesmilingcloud@gmail.com> | 2014-08-28 02:11:27 -0400 |
|---|---|---|
| committer | Jozsef Kadlecsik <kadlec@blackhole.kfki.hu> | 2014-09-15 16:20:20 -0400 |
| commit | 0e9871e3f79fd17c691b50a9669220c54ff084a2 (patch) | |
| tree | fbc4dff39cb2497c3e84eb76686db8dc238b6546 /include/uapi/linux | |
| parent | 73e64e1813e9ea45885419d0fff1e628a6ab95d4 (diff) | |
netfilter: ipset: Add skbinfo extension kernel support in the ipset core.
Skbinfo extension provides mapping of metainformation with lookup in the ipset tables.
This patch defines the flags, the constants, the functions and the structures
for the data type independent support of the extension.
Note the firewall mark stores in the kernel structures as two 32bit values,
but transfered through netlink as one 64bit value.
Signed-off-by: Anton Danilov <littlesmilingcloud@gmail.com>
Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Diffstat (limited to 'include/uapi/linux')
| -rw-r--r-- | include/uapi/linux/netfilter/ipset/ip_set.h | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/ipset/ip_set.h b/include/uapi/linux/netfilter/ipset/ip_set.h index 78c2f2e79920..ca03119111a2 100644 --- a/include/uapi/linux/netfilter/ipset/ip_set.h +++ b/include/uapi/linux/netfilter/ipset/ip_set.h | |||
| @@ -115,6 +115,9 @@ enum { | |||
| 115 | IPSET_ATTR_BYTES, | 115 | IPSET_ATTR_BYTES, |
| 116 | IPSET_ATTR_PACKETS, | 116 | IPSET_ATTR_PACKETS, |
| 117 | IPSET_ATTR_COMMENT, | 117 | IPSET_ATTR_COMMENT, |
| 118 | IPSET_ATTR_SKBMARK, | ||
| 119 | IPSET_ATTR_SKBPRIO, | ||
| 120 | IPSET_ATTR_SKBQUEUE, | ||
| 118 | __IPSET_ATTR_ADT_MAX, | 121 | __IPSET_ATTR_ADT_MAX, |
| 119 | }; | 122 | }; |
| 120 | #define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) | 123 | #define IPSET_ATTR_ADT_MAX (__IPSET_ATTR_ADT_MAX - 1) |
| @@ -147,6 +150,7 @@ enum ipset_errno { | |||
| 147 | IPSET_ERR_COUNTER, | 150 | IPSET_ERR_COUNTER, |
| 148 | IPSET_ERR_COMMENT, | 151 | IPSET_ERR_COMMENT, |
| 149 | IPSET_ERR_INVALID_MARKMASK, | 152 | IPSET_ERR_INVALID_MARKMASK, |
| 153 | IPSET_ERR_SKBINFO, | ||
| 150 | 154 | ||
| 151 | /* Type specific error codes */ | 155 | /* Type specific error codes */ |
| 152 | IPSET_ERR_TYPE_SPECIFIC = 4352, | 156 | IPSET_ERR_TYPE_SPECIFIC = 4352, |
| @@ -170,6 +174,12 @@ enum ipset_cmd_flags { | |||
| 170 | IPSET_FLAG_MATCH_COUNTERS = (1 << IPSET_FLAG_BIT_MATCH_COUNTERS), | 174 | IPSET_FLAG_MATCH_COUNTERS = (1 << IPSET_FLAG_BIT_MATCH_COUNTERS), |
| 171 | IPSET_FLAG_BIT_RETURN_NOMATCH = 7, | 175 | IPSET_FLAG_BIT_RETURN_NOMATCH = 7, |
| 172 | IPSET_FLAG_RETURN_NOMATCH = (1 << IPSET_FLAG_BIT_RETURN_NOMATCH), | 176 | IPSET_FLAG_RETURN_NOMATCH = (1 << IPSET_FLAG_BIT_RETURN_NOMATCH), |
| 177 | IPSET_FLAG_BIT_MAP_SKBMARK = 8, | ||
| 178 | IPSET_FLAG_MAP_SKBMARK = (1 << IPSET_FLAG_BIT_MAP_SKBMARK), | ||
| 179 | IPSET_FLAG_BIT_MAP_SKBPRIO = 9, | ||
| 180 | IPSET_FLAG_MAP_SKBPRIO = (1 << IPSET_FLAG_BIT_MAP_SKBPRIO), | ||
| 181 | IPSET_FLAG_BIT_MAP_SKBQUEUE = 10, | ||
| 182 | IPSET_FLAG_MAP_SKBQUEUE = (1 << IPSET_FLAG_BIT_MAP_SKBQUEUE), | ||
| 173 | IPSET_FLAG_CMD_MAX = 15, | 183 | IPSET_FLAG_CMD_MAX = 15, |
| 174 | }; | 184 | }; |
| 175 | 185 | ||
| @@ -187,6 +197,8 @@ enum ipset_cadt_flags { | |||
| 187 | IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT), | 197 | IPSET_FLAG_WITH_COMMENT = (1 << IPSET_FLAG_BIT_WITH_COMMENT), |
| 188 | IPSET_FLAG_BIT_WITH_FORCEADD = 5, | 198 | IPSET_FLAG_BIT_WITH_FORCEADD = 5, |
| 189 | IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD), | 199 | IPSET_FLAG_WITH_FORCEADD = (1 << IPSET_FLAG_BIT_WITH_FORCEADD), |
| 200 | IPSET_FLAG_BIT_WITH_SKBINFO = 6, | ||
| 201 | IPSET_FLAG_WITH_SKBINFO = (1 << IPSET_FLAG_BIT_WITH_SKBINFO), | ||
| 190 | IPSET_FLAG_CADT_MAX = 15, | 202 | IPSET_FLAG_CADT_MAX = 15, |
| 191 | }; | 203 | }; |
| 192 | 204 | ||