diff options
Diffstat (limited to 'include/uapi')
| -rw-r--r-- | include/uapi/linux/netfilter/nf_tables.h | 40 | ||||
| -rw-r--r-- | include/uapi/linux/netfilter_bridge/ebtables.h | 2 |
2 files changed, 39 insertions, 3 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 05ee1e0804a3..5fa1cd04762e 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h | |||
| @@ -5,16 +5,45 @@ | |||
| 5 | #define NFT_CHAIN_MAXNAMELEN 32 | 5 | #define NFT_CHAIN_MAXNAMELEN 32 |
| 6 | #define NFT_USERDATA_MAXLEN 256 | 6 | #define NFT_USERDATA_MAXLEN 256 |
| 7 | 7 | ||
| 8 | /** | ||
| 9 | * enum nft_registers - nf_tables registers | ||
| 10 | * | ||
| 11 | * nf_tables used to have five registers: a verdict register and four data | ||
| 12 | * registers of size 16. The data registers have been changed to 16 registers | ||
| 13 | * of size 4. For compatibility reasons, the NFT_REG_[1-4] registers still | ||
| 14 | * map to areas of size 16, the 4 byte registers are addressed using | ||
| 15 | * NFT_REG32_00 - NFT_REG32_15. | ||
| 16 | */ | ||
| 8 | enum nft_registers { | 17 | enum nft_registers { |
| 9 | NFT_REG_VERDICT, | 18 | NFT_REG_VERDICT, |
| 10 | NFT_REG_1, | 19 | NFT_REG_1, |
| 11 | NFT_REG_2, | 20 | NFT_REG_2, |
| 12 | NFT_REG_3, | 21 | NFT_REG_3, |
| 13 | NFT_REG_4, | 22 | NFT_REG_4, |
| 14 | __NFT_REG_MAX | 23 | __NFT_REG_MAX, |
| 24 | |||
| 25 | NFT_REG32_00 = 8, | ||
| 26 | MFT_REG32_01, | ||
| 27 | NFT_REG32_02, | ||
| 28 | NFT_REG32_03, | ||
| 29 | NFT_REG32_04, | ||
| 30 | NFT_REG32_05, | ||
| 31 | NFT_REG32_06, | ||
| 32 | NFT_REG32_07, | ||
| 33 | NFT_REG32_08, | ||
| 34 | NFT_REG32_09, | ||
| 35 | NFT_REG32_10, | ||
| 36 | NFT_REG32_11, | ||
| 37 | NFT_REG32_12, | ||
| 38 | NFT_REG32_13, | ||
| 39 | NFT_REG32_14, | ||
| 40 | NFT_REG32_15, | ||
| 15 | }; | 41 | }; |
| 16 | #define NFT_REG_MAX (__NFT_REG_MAX - 1) | 42 | #define NFT_REG_MAX (__NFT_REG_MAX - 1) |
| 17 | 43 | ||
| 44 | #define NFT_REG_SIZE 16 | ||
| 45 | #define NFT_REG32_SIZE 4 | ||
| 46 | |||
| 18 | /** | 47 | /** |
| 19 | * enum nft_verdicts - nf_tables internal verdicts | 48 | * enum nft_verdicts - nf_tables internal verdicts |
| 20 | * | 49 | * |
| @@ -209,6 +238,7 @@ enum nft_rule_compat_attributes { | |||
| 209 | * @NFT_SET_INTERVAL: set contains intervals | 238 | * @NFT_SET_INTERVAL: set contains intervals |
| 210 | * @NFT_SET_MAP: set is used as a dictionary | 239 | * @NFT_SET_MAP: set is used as a dictionary |
| 211 | * @NFT_SET_TIMEOUT: set uses timeouts | 240 | * @NFT_SET_TIMEOUT: set uses timeouts |
| 241 | * @NFT_SET_EVAL: set contains expressions for evaluation | ||
| 212 | */ | 242 | */ |
| 213 | enum nft_set_flags { | 243 | enum nft_set_flags { |
| 214 | NFT_SET_ANONYMOUS = 0x1, | 244 | NFT_SET_ANONYMOUS = 0x1, |
| @@ -216,6 +246,7 @@ enum nft_set_flags { | |||
| 216 | NFT_SET_INTERVAL = 0x4, | 246 | NFT_SET_INTERVAL = 0x4, |
| 217 | NFT_SET_MAP = 0x8, | 247 | NFT_SET_MAP = 0x8, |
| 218 | NFT_SET_TIMEOUT = 0x10, | 248 | NFT_SET_TIMEOUT = 0x10, |
| 249 | NFT_SET_EVAL = 0x20, | ||
| 219 | }; | 250 | }; |
| 220 | 251 | ||
| 221 | /** | 252 | /** |
| @@ -293,6 +324,7 @@ enum nft_set_elem_flags { | |||
| 293 | * @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64) | 324 | * @NFTA_SET_ELEM_TIMEOUT: timeout value (NLA_U64) |
| 294 | * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64) | 325 | * @NFTA_SET_ELEM_EXPIRATION: expiration time (NLA_U64) |
| 295 | * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY) | 326 | * @NFTA_SET_ELEM_USERDATA: user data (NLA_BINARY) |
| 327 | * @NFTA_SET_ELEM_EXPR: expression (NLA_NESTED: nft_expr_attributes) | ||
| 296 | */ | 328 | */ |
| 297 | enum nft_set_elem_attributes { | 329 | enum nft_set_elem_attributes { |
| 298 | NFTA_SET_ELEM_UNSPEC, | 330 | NFTA_SET_ELEM_UNSPEC, |
| @@ -302,6 +334,7 @@ enum nft_set_elem_attributes { | |||
| 302 | NFTA_SET_ELEM_TIMEOUT, | 334 | NFTA_SET_ELEM_TIMEOUT, |
| 303 | NFTA_SET_ELEM_EXPIRATION, | 335 | NFTA_SET_ELEM_EXPIRATION, |
| 304 | NFTA_SET_ELEM_USERDATA, | 336 | NFTA_SET_ELEM_USERDATA, |
| 337 | NFTA_SET_ELEM_EXPR, | ||
| 305 | __NFTA_SET_ELEM_MAX | 338 | __NFTA_SET_ELEM_MAX |
| 306 | }; | 339 | }; |
| 307 | #define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1) | 340 | #define NFTA_SET_ELEM_MAX (__NFTA_SET_ELEM_MAX - 1) |
| @@ -359,6 +392,9 @@ enum nft_data_attributes { | |||
| 359 | }; | 392 | }; |
| 360 | #define NFTA_DATA_MAX (__NFTA_DATA_MAX - 1) | 393 | #define NFTA_DATA_MAX (__NFTA_DATA_MAX - 1) |
| 361 | 394 | ||
| 395 | /* Maximum length of a value */ | ||
| 396 | #define NFT_DATA_VALUE_MAXLEN 64 | ||
| 397 | |||
| 362 | /** | 398 | /** |
| 363 | * enum nft_verdict_attributes - nf_tables verdict netlink attributes | 399 | * enum nft_verdict_attributes - nf_tables verdict netlink attributes |
| 364 | * | 400 | * |
| @@ -531,6 +567,7 @@ enum nft_dynset_ops { | |||
| 531 | * @NFTA_DYNSET_SREG_KEY: source register of the key (NLA_U32) | 567 | * @NFTA_DYNSET_SREG_KEY: source register of the key (NLA_U32) |
| 532 | * @NFTA_DYNSET_SREG_DATA: source register of the data (NLA_U32) | 568 | * @NFTA_DYNSET_SREG_DATA: source register of the data (NLA_U32) |
| 533 | * @NFTA_DYNSET_TIMEOUT: timeout value for the new element (NLA_U64) | 569 | * @NFTA_DYNSET_TIMEOUT: timeout value for the new element (NLA_U64) |
| 570 | * @NFTA_DYNSET_EXPR: expression (NLA_NESTED: nft_expr_attributes) | ||
| 534 | */ | 571 | */ |
| 535 | enum nft_dynset_attributes { | 572 | enum nft_dynset_attributes { |
| 536 | NFTA_DYNSET_UNSPEC, | 573 | NFTA_DYNSET_UNSPEC, |
| @@ -540,6 +577,7 @@ enum nft_dynset_attributes { | |||
| 540 | NFTA_DYNSET_SREG_KEY, | 577 | NFTA_DYNSET_SREG_KEY, |
| 541 | NFTA_DYNSET_SREG_DATA, | 578 | NFTA_DYNSET_SREG_DATA, |
| 542 | NFTA_DYNSET_TIMEOUT, | 579 | NFTA_DYNSET_TIMEOUT, |
| 580 | NFTA_DYNSET_EXPR, | ||
| 543 | __NFTA_DYNSET_MAX, | 581 | __NFTA_DYNSET_MAX, |
| 544 | }; | 582 | }; |
| 545 | #define NFTA_DYNSET_MAX (__NFTA_DYNSET_MAX - 1) | 583 | #define NFTA_DYNSET_MAX (__NFTA_DYNSET_MAX - 1) |
diff --git a/include/uapi/linux/netfilter_bridge/ebtables.h b/include/uapi/linux/netfilter_bridge/ebtables.h index ba993360dbe9..773dfe8924c7 100644 --- a/include/uapi/linux/netfilter_bridge/ebtables.h +++ b/include/uapi/linux/netfilter_bridge/ebtables.h | |||
| @@ -12,9 +12,7 @@ | |||
| 12 | 12 | ||
| 13 | #ifndef _UAPI__LINUX_BRIDGE_EFF_H | 13 | #ifndef _UAPI__LINUX_BRIDGE_EFF_H |
| 14 | #define _UAPI__LINUX_BRIDGE_EFF_H | 14 | #define _UAPI__LINUX_BRIDGE_EFF_H |
| 15 | #include <linux/if.h> | ||
| 16 | #include <linux/netfilter_bridge.h> | 15 | #include <linux/netfilter_bridge.h> |
| 17 | #include <linux/if_ether.h> | ||
| 18 | 16 | ||
| 19 | #define EBT_TABLE_MAXNAMELEN 32 | 17 | #define EBT_TABLE_MAXNAMELEN 32 |
| 20 | #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN | 18 | #define EBT_CHAIN_MAXNAMELEN EBT_TABLE_MAXNAMELEN |