diff options
| author | Ana Rey <anarey@gmail.com> | 2014-08-06 13:52:49 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-08-24 14:06:39 +0200 |
| commit | e2a093ff0dbfa4c5d99f25241cf33325e9691d91 (patch) | |
| tree | fc8538f532be4897462c3a0c77618c97356e7fac /include | |
| parent | uapi: netfilter_arp: use __u8 instead of u_int8_t (diff) | |
| download | linux-e2a093ff0dbfa4c5d99f25241cf33325e9691d91.tar.xz linux-e2a093ff0dbfa4c5d99f25241cf33325e9691d91.zip | |
netfilter: nft_meta: add pkttype support
Add pkttype support for ip, ipv6 and inet families of tables.
This allows you to fetch the meta packet type based on the link layer
information. The loopback traffic is a special case, the packet type
is guessed from the network layer header.
No special handling for bridge and arp since we're not going to see
such traffic in the loopback interface.
Joint work with Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/uapi/linux/netfilter/nf_tables.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h index 801bdd1e56e3..98144cdd8986 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h @@ -571,6 +571,7 @@ enum nft_exthdr_attributes { * @NFT_META_L4PROTO: layer 4 protocol number * @NFT_META_BRI_IIFNAME: packet input bridge interface name * @NFT_META_BRI_OIFNAME: packet output bridge interface name + * @NFT_META_PKTTYPE: packet type (skb->pkt_type), special handling for loopback */ enum nft_meta_keys { NFT_META_LEN, @@ -592,6 +593,7 @@ enum nft_meta_keys { NFT_META_L4PROTO, NFT_META_BRI_IIFNAME, NFT_META_BRI_OIFNAME, + NFT_META_PKTTYPE, }; /** |