netfilter: nft: add queue module

This patch adds a new nft module named "nft_queue" which provides a new nftables expression that allows you to enqueue packets to userspace via the nfnetlink_queue subsystem. It provides the same level of functionality as NFQUEUE and it shares some code with it. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Eric Leblond <eric@regit.org> 2013-12-05 18:24:13 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-07 17:20:46 -0500
commit: 0aff078d58e1c69139189e45ba5e929c030e8056 (patch)
tree: 1251133d723af4b7ba6d5152bf6b8b225b44e393 /include
parent: 97a2d41c47a2246c3387a937c62126c9faefe875 (diff)
1 files changed, 20 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index fbfd229a8e99..256d36b1b94a 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -658,6 +658,26 @@ enum nft_log_attributes {
 #define NFTA_LOG_MAX            (__NFTA_LOG_MAX - 1)
 /**
+ * enum nft_queue_attributes - nf_tables queue expression netlink attributes
+ *
+ * @NFTA_QUEUE_NUM: netlink queue to send messages to (NLA_U16)
+ * @NFTA_QUEUE_TOTAL: number of queues to load balance packets on (NLA_U16)
+ * @NFTA_QUEUE_FLAGS: various flags (NLA_U16)
+ */
+enum nft_queue_attributes {
+        NFTA_QUEUE_UNSPEC,
+        NFTA_QUEUE_NUM,
+        NFTA_QUEUE_TOTAL,
+        NFTA_QUEUE_FLAGS,
+        __NFTA_QUEUE_MAX
+};
+#define NFTA_QUEUE_MAX          (__NFTA_QUEUE_MAX - 1)
+#define NFT_QUEUE_FLAG_BYPASS           0x01 /* for compatibility with v2 */
+#define NFT_QUEUE_FLAG_CPU_FANOUT       0x02 /* use current CPU (no hashing) */
+#define NFT_QUEUE_FLAG_MASK             0x03
+/**
 * enum nft_reject_types - nf_tables reject expression reject types
 *
 * @NFT_REJECT_ICMP_UNREACH: reject using ICMP unreachable
author	Eric Leblond <eric@regit.org>	2013-12-05 18:24:13 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-07 17:20:46 -0500
commit	0aff078d58e1c69139189e45ba5e929c030e8056 (patch)
tree	1251133d723af4b7ba6d5152bf6b8b225b44e393 /include
parent	97a2d41c47a2246c3387a937c62126c9faefe875 (diff)

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index fbfd229a8e99..256d36b1b94a 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -658,6 +658,26 @@ enum nft_log_attributes {
658	#define NFTA_LOG_MAX (__NFTA_LOG_MAX - 1)	658	#define NFTA_LOG_MAX (__NFTA_LOG_MAX - 1)
659		659
660	/**	660	/**
		661	* enum nft_queue_attributes - nf_tables queue expression netlink attributes
		662	*
		663	* @NFTA_QUEUE_NUM: netlink queue to send messages to (NLA_U16)
		664	* @NFTA_QUEUE_TOTAL: number of queues to load balance packets on (NLA_U16)
		665	* @NFTA_QUEUE_FLAGS: various flags (NLA_U16)
		666	*/
		667	enum nft_queue_attributes {
		668	NFTA_QUEUE_UNSPEC,
		669	NFTA_QUEUE_NUM,
		670	NFTA_QUEUE_TOTAL,
		671	NFTA_QUEUE_FLAGS,
		672	__NFTA_QUEUE_MAX
		673	};
		674	#define NFTA_QUEUE_MAX (__NFTA_QUEUE_MAX - 1)
		675
		676	#define NFT_QUEUE_FLAG_BYPASS 0x01 /* for compatibility with v2 */
		677	#define NFT_QUEUE_FLAG_CPU_FANOUT 0x02 /* use current CPU (no hashing) */
		678	#define NFT_QUEUE_FLAG_MASK 0x03
		679
		680	/**
661	* enum nft_reject_types - nf_tables reject expression reject types	681	* enum nft_reject_types - nf_tables reject expression reject types
662	*	682	*
663	* @NFT_REJECT_ICMP_UNREACH: reject using ICMP unreachable	683	* @NFT_REJECT_ICMP_UNREACH: reject using ICMP unreachable