diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-10-09 19:52:28 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-11-07 01:00:31 +0100 |
commit | ba0e4d9917b43dfa746cbbcb4477da59aae73bd6 (patch) | |
tree | b8665d2f2be0764277f19fb0a45c59dff4650259 /include/net | |
parent | netfilter: nf_tables: performance set policy skips size description in selection (diff) | |
download | linux-ba0e4d9917b43dfa746cbbcb4477da59aae73bd6.tar.xz linux-ba0e4d9917b43dfa746cbbcb4477da59aae73bd6.zip |
netfilter: nf_tables: get set elements via netlink
This patch adds a new get operation to look up for specific elements in
a set via netlink interface. You can also use it to check if an interval
already exists.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r-- | include/net/netfilter/nf_tables.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h index 0f5b12a4ad09..d011e56cc7a9 100644 --- a/include/net/netfilter/nf_tables.h +++ b/include/net/netfilter/nf_tables.h @@ -311,6 +311,7 @@ struct nft_expr; * @flush: deactivate element in the next generation * @remove: remove element from set * @walk: iterate over all set elemeennts + * @get: get set elements * @privsize: function to return size of set private data * @init: initialize private data of new set instance * @destroy: destroy private data of set instance @@ -350,6 +351,10 @@ struct nft_set_ops { void (*walk)(const struct nft_ctx *ctx, struct nft_set *set, struct nft_set_iter *iter); + void * (*get)(const struct net *net, + const struct nft_set *set, + const struct nft_set_elem *elem, + unsigned int flags); unsigned int (*privsize)(const struct nlattr * const nla[], const struct nft_set_desc *desc); |