netfilter: nf_tables: prepare for expressions associated to set elements

Preparation to attach expressions to set elements: add a set extension type to hold an expression and dump the expression information with the set element. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Patrick McHardy <kaber@trash.net> 2015-04-11 05:46:39 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-04-13 14:12:31 -0400
commit: f25ad2e907f110378159fe5e088aa13176faaa5b (patch)
tree: 9f3f8353dc536847f3d95cc58cbc0d9ae183fe0c /include
parent: 0b2d8a7b638b5034d2d68f6add8af94daaa1d4cd (diff)
2 files changed, 9 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index e21623cb7b20..d45a871b3da6 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -371,6 +371,7 @@ void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
 *      @NFT_SET_EXT_TIMEOUT: element timeout
 *      @NFT_SET_EXT_EXPIRATION: element expiration time
 *      @NFT_SET_EXT_USERDATA: user data associated with the element
+ *      @NFT_SET_EXT_EXPR: expression assiociated with the element
 *      @NFT_SET_EXT_NUM: number of extension types
 */
 enum nft_set_extensions {
@@ -380,6 +381,7 @@ enum nft_set_extensions {
        NFT_SET_EXT_TIMEOUT,
        NFT_SET_EXT_EXPIRATION,
        NFT_SET_EXT_USERDATA,
+        NFT_SET_EXT_EXPR,
        NFT_SET_EXT_NUM
 };
@@ -491,6 +493,11 @@ static inline struct nft_userdata *nft_set_ext_userdata(const struct nft_set_ext
        return nft_set_ext(ext, NFT_SET_EXT_USERDATA);
 }
+static inline struct nft_expr *nft_set_ext_expr(const struct nft_set_ext *ext)
+{
+        return nft_set_ext(ext, NFT_SET_EXT_EXPR);
+}
 static inline bool nft_set_elem_expired(const struct nft_set_ext *ext)
 {
        return nft_set_ext_exists(ext, NFT_SET_EXT_EXPIRATION) &&
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index be8584c95297..f9c5af22a6af 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -322,6 +322,7 @@ enum nft_set_elem_flags {
 * @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64)
 * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64)
 * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY)
+ * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes)
 */
 enum nft_set_elem_attributes {
        NFTA_SET_ELEM_UNSPEC,
@@ -331,6 +332,7 @@ enum nft_set_elem_attributes {
        NFTA_SET_ELEM_TIMEOUT,
        NFTA_SET_ELEM_EXPIRATION,
        NFTA_SET_ELEM_USERDATA,
+        NFTA_SET_ELEM_EXPR,
        __NFTA_SET_ELEM_MAX
 };
 #define NFTA_SET_ELEM_MAX       (__NFTA_SET_ELEM_MAX - 1)
author	Patrick McHardy <kaber@trash.net>	2015-04-11 05:46:39 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-04-13 14:12:31 -0400
commit	f25ad2e907f110378159fe5e088aa13176faaa5b (patch)
tree	9f3f8353dc536847f3d95cc58cbc0d9ae183fe0c /include
parent	0b2d8a7b638b5034d2d68f6add8af94daaa1d4cd (diff)