mirror of
https://git.netfilter.org/libnftnl
synced 2026-01-28 03:14:09 +00:00
Only vxlan gbp can work before this patch because NFTNL_OBJ_TUNNEL_ERSPAN_V2_DIR is off by one in the internal object flags. Replace them by NFTNL_OBJ_TUNNEL_OPTS and add two new opaque nftnl_tunnel_opts and nftnl_tunnel_opt structs to represent tunnel options.
- nftnl_tunnel_opt_alloc() allocates one tunnel option.
- nftnl_tunnel_opt_set() sets it up.
- nftnl_tunnel_opt_get() gets the option attribute.
Then, to manage the list of options:
- nftnl_tunnel_opts_alloc() allocates a list of tunnel options.
- nftnl_tunnel_opts_add() adds an option to the list.
Although vxlan and erspan support only a single tunnel option at this stage, this API prepares for supporting geneve, which allows for more tunnel options.
Joint work with Fernando.
Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
#ifndef _OBJ_OPS_H_
#define _OBJ_OPS_H_
#include <stdint.h>
#include <libnftnl/object.h> /* For NFTNL_CTTIMEOUT_ARRAY_MAX. */
#include "internal.h"
struct nlattr;
struct nlmsghdr;
struct nftnl_obj;
/*
 * In-memory representation of one libnftnl object.
 *
 * Generic attributes come first; the type-specific payload lives in the
 * `data` union and is handled through the callbacks reachable via `ops`.
 *
 * NOTE(review): the union has no discriminator of its own. Which member is
 * valid is presumably decided by `ops` (see obj_ops.type), so code that
 * reaches into `data` directly should check the ops first - confirm against
 * the callers.
 */
struct nftnl_obj {
	struct list_head	head;	/* list linkage */
	struct obj_ops		*ops;	/* per-type operations table */

	const char		*table;
	const char		*name;

	uint32_t		family;
	uint32_t		use;

	/*
	 * Internal object flags.
	 * NOTE(review): presumably one bit per attribute that has been set;
	 * getters should consult it before handing out a field - confirm.
	 */
	uint32_t		flags;
	uint64_t		handle;

	/*
	 * Opaque user data blob. `len` is the only record of how many bytes
	 * `data` points to, so the two must always be updated together.
	 * NOTE(review): ownership of `data` is not visible in this header.
	 */
	struct {
		void		*data;
		uint32_t	len;
	} user;

	/* Type-specific payload; only one member is meaningful at a time. */
	union {
		struct nftnl_obj_counter {
			uint64_t	pkts;
			uint64_t	bytes;
		} counter;

		struct nftnl_obj_quota {
			uint64_t	bytes;
			uint64_t	consumed;
			uint32_t	flags;
		} quota;

		struct nftnl_obj_ct_helper {
			uint16_t	l3proto;
			uint8_t		l4proto;
			/*
			 * Fixed 16-byte buffer: writers must bound the copy to
			 * sizeof(name). NOTE(review): whether the content is
			 * guaranteed NUL-terminated is not visible here.
			 */
			char		name[16];
		} ct_helper;

		struct nftnl_obj_ct_timeout {
			uint16_t	l3proto;
			uint8_t		l4proto;
			/* Indexes must stay below NFTNL_CTTIMEOUT_ARRAY_MAX. */
			uint32_t	timeout[NFTNL_CTTIMEOUT_ARRAY_MAX];
		} ct_timeout;

		struct nftnl_obj_ct_expect {
			uint16_t	l3proto;
			uint16_t	dport;
			uint8_t		l4proto;
			uint8_t		size;
			uint32_t	timeout;
		} ct_expect;

		struct nftnl_obj_limit {
			uint64_t	rate;
			uint64_t	unit;
			uint32_t	burst;
			uint32_t	type;
			uint32_t	flags;
		} limit;

		struct nftnl_obj_synproxy {
			uint16_t	mss;
			uint8_t		wscale;
			uint32_t	flags;
		} synproxy;

		struct nftnl_obj_tunnel {
			uint32_t	id;
			uint32_t	src_v4;
			uint32_t	dst_v4;
			struct in6_addr	src_v6;
			struct in6_addr	dst_v6;
			uint16_t	sport;
			uint16_t	dport;
			uint32_t	flowlabel;
			uint32_t	tun_flags;
			uint8_t		tun_tos;
			uint8_t		tun_ttl;
			/*
			 * The only pointer stored inside the union.
			 * NOTE(review): who allocates and frees the option
			 * list is not visible here; the object release path
			 * needs to cover it to avoid a leak or a stale
			 * pointer - confirm.
			 */
			struct nftnl_tunnel_opts *tun_opts;
		} tunnel;

		struct nftnl_obj_secmark {
			/* Fixed buffer: bound writes to NFT_SECMARK_CTX_MAXLEN. */
			char		ctx[NFT_SECMARK_CTX_MAXLEN];
		} secmark;
	} data;
};
/*
 * Per-type operations table for struct nftnl_obj.
 *
 * Every callback receives the object it acts on; the generic object code is
 * expected to dispatch through these pointers.
 */
struct obj_ops {
	const char		*name;
	uint32_t		type;
	/* NOTE(review): presumably the size of the type-specific payload - confirm. */
	size_t			alloc_len;
	/* NOTE(review): presumably the highest valid attribute id - confirm. */
	int			nftnl_max_attr;
	struct attr_policy	*attr_policy;

	/*
	 * Store attribute `type` from `data` (`data_len` bytes) into `e`.
	 * NOTE(review): `data_len` comes from the caller; implementations
	 * should check it against the destination field before copying.
	 */
	int	(*set)(struct nftnl_obj *e, uint16_t type,
		       const void *data, uint32_t data_len);

	/* Return a pointer to attribute `type` of `e`; `data_len` is an out-parameter. */
	const void *(*get)(const struct nftnl_obj *e, uint16_t type,
			   uint32_t *data_len);

	/* Fill `e` from the netlink attribute `attr`. */
	int	(*parse)(struct nftnl_obj *e, struct nlattr *attr);

	/* Write `e` into the netlink message `nlh`. */
	void	(*build)(struct nlmsghdr *nlh, const struct nftnl_obj *e);

	/*
	 * Render `e` into `buf`, which holds `len` bytes.
	 * NOTE(review): presumably snprintf()-like return semantics - confirm.
	 */
	int	(*output)(char *buf, size_t len, uint32_t flags,
			  const struct nftnl_obj *e);
};
/*
 * Operation tables, one per member of the nftnl_obj data union.
 * They are only declared here; the definitions live elsewhere.
 */
extern struct obj_ops obj_ops_counter;
extern struct obj_ops obj_ops_quota;
extern struct obj_ops obj_ops_ct_helper;
extern struct obj_ops obj_ops_ct_timeout;
extern struct obj_ops obj_ops_ct_expect;
extern struct obj_ops obj_ops_limit;
extern struct obj_ops obj_ops_synproxy;
extern struct obj_ops obj_ops_tunnel;
extern struct obj_ops obj_ops_secmark;
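/*
 * Address of an object's type-specific `data` union, as void *.
 *
 * Both the argument and the whole expansion are parenthesized. Without that,
 * an argument such as `p + 1` expands to `&p + 1->data`, and a cast result
 * followed by another operator binds in surprising ways.
 */
#define nftnl_obj_data(obj) ((void *)&(obj)->data)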
#endif