diff options
| author | Patrick McHardy <kaber@trash.net> | 2014-01-03 07:16:16 -0500 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-01-07 17:57:25 -0500 |
| commit | 1d49144c0aaa61be4e3ccbef9cc5c40b0ec5f2fe (patch) | |
| tree | 1711f39fb9f9ba1fed9bcb9afcf55499b0cef3b6 /include | |
| parent | 115a60b173af0170e0db26b9a3fd6a911fba70a3 (diff) | |
netfilter: nf_tables: add "inet" table for IPv4/IPv6
This patch adds a new table family and a new filter chain that you can
use to attach IPv4 and IPv6 rules. This should help to simplify
rule-set maintainance in dual-stack setups.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/netfilter/nf_tables_ipv4.h | 2 | ||||
| -rw-r--r-- | include/net/netfilter/nf_tables_ipv6.h | 2 | ||||
| -rw-r--r-- | include/net/netns/nftables.h | 1 | ||||
| -rw-r--r-- | include/uapi/linux/netfilter.h | 1 |
4 files changed, 6 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables_ipv4.h b/include/net/netfilter/nf_tables_ipv4.h index 1be1c2c197ee..f7b3a669aad3 100644 --- a/include/net/netfilter/nf_tables_ipv4.h +++ b/include/net/netfilter/nf_tables_ipv4.h | |||
| @@ -20,4 +20,6 @@ nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt, | |||
| 20 | pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET; | 20 | pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET; |
| 21 | } | 21 | } |
| 22 | 22 | ||
| 23 | extern struct nft_af_info nft_af_ipv4; | ||
| 24 | |||
| 23 | #endif | 25 | #endif |
diff --git a/include/net/netfilter/nf_tables_ipv6.h b/include/net/netfilter/nf_tables_ipv6.h index 4a9b88a65963..3d8ae489be0d 100644 --- a/include/net/netfilter/nf_tables_ipv6.h +++ b/include/net/netfilter/nf_tables_ipv6.h | |||
| @@ -27,4 +27,6 @@ nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt, | |||
| 27 | return 0; | 27 | return 0; |
| 28 | } | 28 | } |
| 29 | 29 | ||
| 30 | extern struct nft_af_info nft_af_ipv6; | ||
| 31 | |||
| 30 | #endif | 32 | #endif |
diff --git a/include/net/netns/nftables.h b/include/net/netns/nftables.h index 15d056d534e3..26a394cb91a8 100644 --- a/include/net/netns/nftables.h +++ b/include/net/netns/nftables.h | |||
| @@ -10,6 +10,7 @@ struct netns_nftables { | |||
| 10 | struct list_head commit_list; | 10 | struct list_head commit_list; |
| 11 | struct nft_af_info *ipv4; | 11 | struct nft_af_info *ipv4; |
| 12 | struct nft_af_info *ipv6; | 12 | struct nft_af_info *ipv6; |
| 13 | struct nft_af_info *inet; | ||
| 13 | struct nft_af_info *arp; | 14 | struct nft_af_info *arp; |
| 14 | struct nft_af_info *bridge; | 15 | struct nft_af_info *bridge; |
| 15 | u8 gencursor; | 16 | u8 gencursor; |
diff --git a/include/uapi/linux/netfilter.h b/include/uapi/linux/netfilter.h index f7dc0ebeeba5..ef1b1f88ca18 100644 --- a/include/uapi/linux/netfilter.h +++ b/include/uapi/linux/netfilter.h | |||
| @@ -53,6 +53,7 @@ enum nf_inet_hooks { | |||
| 53 | 53 | ||
| 54 | enum { | 54 | enum { |
| 55 | NFPROTO_UNSPEC = 0, | 55 | NFPROTO_UNSPEC = 0, |
| 56 | NFPROTO_INET = 1, | ||
| 56 | NFPROTO_IPV4 = 2, | 57 | NFPROTO_IPV4 = 2, |
| 57 | NFPROTO_ARP = 3, | 58 | NFPROTO_ARP = 3, |
| 58 | NFPROTO_BRIDGE = 7, | 59 | NFPROTO_BRIDGE = 7, |