@@ -1,10 +1,12 @@
+/* SPDX-License-Identifier: GPL-2.0 WITH Linux-syscall-note */
#ifndef _LINUX_NF_TABLES_H
#define _LINUX_NF_TABLES_H
-#define NFT_TABLE_MAXNAMELEN 32
-#define NFT_CHAIN_MAXNAMELEN 32
-#define NFT_SET_MAXNAMELEN 32
-#define NFT_OBJ_MAXNAMELEN 32
+#define NFT_NAME_MAXLEN 256
+#define NFT_TABLE_MAXNAMELEN NFT_NAME_MAXLEN
+#define NFT_CHAIN_MAXNAMELEN NFT_NAME_MAXLEN
+#define NFT_SET_MAXNAMELEN NFT_NAME_MAXLEN
+#define NFT_OBJ_MAXNAMELEN NFT_NAME_MAXLEN
#define NFT_USERDATA_MAXLEN 256
/**
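Review bot: `NFT_NAME_MAXLEN 256` raises the table/chain/set/object name bound from 32 to 256 unconditionally, so any library code that sizes a buffer or validates a string length from `NFT_*_MAXNAMELEN` now accepts names the previous header rejected, while a kernel that still enforces the old limit would refuse them at netlink time. Since this is a vendored UAPI copy, it is worth confirming the value against the kernel version the library targets before taking the bump, and grepping the library for uses of these macros as buffer sizes. A short comment above the define such as `/* name limits follow the kernel UAPI header; keep in sync */` would make the next resync easier.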
@@ -317,7 +319,7 @@ enum nft_set_desc_attributes {
* @NFTA_SET_GC_INTERVAL: garbage collection interval (NLA_U32)
* @NFTA_SET_USERDATA: user data (NLA_BINARY)
* @NFTA_SET_OBJ_TYPE: stateful object type (NLA_U32: NFT_OBJECT_*)
- * @NFTA_SET_HANDLE: numerical table handle (NLA_U64)
+ * @NFTA_SET_HANDLE: set handle (NLA_U64)
*/
enum nft_set_attributes {
NFTA_SET_UNSPEC,
@@ -822,13 +824,16 @@ enum nft_meta_keys {
* @NFT_RT_CLASSID: realm value of packet's route (skb->dst->tclassid)
* @NFT_RT_NEXTHOP4: routing nexthop for IPv4
* @NFT_RT_NEXTHOP6: routing nexthop for IPv6
+ * @NFT_RT_TCPMSS: fetch current path tcp mss
*/
enum nft_rt_keys {
NFT_RT_CLASSID,
NFT_RT_NEXTHOP4,
NFT_RT_NEXTHOP6,
NFT_RT_TCPMSS,
+ __NFT_RT_MAX
};
+#define NFT_RT_MAX (__NFT_RT_MAX - 1)
/**
* enum nft_hash_types - nf_tables hash expression types
@@ -950,7 +955,9 @@ enum nft_ct_keys {
NFT_CT_DST_IP,
NFT_CT_SRC_IP6,
NFT_CT_DST_IP6,
+ __NFT_CT_MAX
};
+#define NFT_CT_MAX (__NFT_CT_MAX - 1)
/**
* enum nft_ct_attributes - nf_tables ct expression netlink attributes
@@ -1259,6 +1266,8 @@ enum nft_objref_attributes {
enum nft_gen_attributes {
NFTA_GEN_UNSPEC,
NFTA_GEN_ID,
+ NFTA_GEN_PROC_PID,
+ NFTA_GEN_PROC_NAME,
__NFTA_GEN_MAX
};
#define NFTA_GEN_MAX (__NFTA_GEN_MAX - 1)
@@ -1322,10 +1331,10 @@ enum nft_ct_helper_attributes {
*
* @NFTA_OBJ_TABLE: name of the table containing the expression (NLA_STRING)
* @NFTA_OBJ_NAME: name of this expression type (NLA_STRING)
- * @NFTA_OBJ_HANDLE: numeric object handle (NLA_U64)
* @NFTA_OBJ_TYPE: stateful object type (NLA_U32)
* @NFTA_OBJ_DATA: stateful object data (NLA_NESTED)
* @NFTA_OBJ_USE: number of references to this expression (NLA_U32)
+ * @NFTA_OBJ_HANDLE: object handle (NLA_U64)
*/
enum nft_object_attributes {
NFTA_OBJ_UNSPEC,
@@ -1335,6 +1344,7 @@ enum nft_object_attributes {
NFTA_OBJ_DATA,
NFTA_OBJ_USE,
NFTA_OBJ_HANDLE,
+ NFTA_OBJ_PAD,
__NFTA_OBJ_MAX
};
#define NFTA_OBJ_MAX (__NFTA_OBJ_MAX - 1)
@@ -1347,8 +1357,6 @@ enum nft_object_attributes {
* @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32)
* @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
* @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
- * @NFTA_FLOWTABLE_SIZE: maximum size (NLA_U32)
- * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)
*/
enum nft_flowtable_attributes {
NFTA_FLOWTABLE_UNSPEC,
@@ -1358,8 +1366,6 @@ enum nft_flowtable_attributes {
NFTA_FLOWTABLE_USE,
NFTA_FLOWTABLE_HANDLE,
NFTA_FLOWTABLE_PAD,
- NFTA_FLOWTABLE_SIZE,
- NFTA_FLOWTABLE_FLAGS,
__NFTA_FLOWTABLE_MAX
};
#define NFTA_FLOWTABLE_MAX (__NFTA_FLOWTABLE_MAX - 1)
@@ -1453,7 +1459,7 @@ enum nft_trace_types {
* @NFTA_NG_TYPE: operation type (NLA_U32)
* @NFTA_NG_OFFSET: offset to be added to the counter (NLA_U32)
* @NFTA_NG_SET_NAME: name of the map to lookup (NLA_STRING)
- * @NFTA_NG_SET_ID: if of the map (NLA_U32)
+ * @NFTA_NG_SET_ID: id of the map (NLA_U32)
*/
enum nft_ng_attributes {
NFTA_NG_UNSPEC,
@@ -175,7 +175,6 @@ static const char *ctkey2str_array[NFT_CT_MAX] = {
[NFT_CT_SRC_IP] = "src_ip",
[NFT_CT_DST_IP] = "dst_ip",
[NFT_CT_SRC_IP6] = "src_ip6",
- [NFT_CT_DST_IP6] = "dst_ip6",
};
static const char *ctkey2str(uint32_t ctkey)
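Review bot: Dropping the `[NFT_CT_DST_IP6] = "dst_ip6"` initializer hides an array-size problem instead of fixing it: with the header now defining `NFT_CT_MAX` as `(__NFT_CT_MAX - 1)`, i.e. the last valid key rather than a count, `ctkey2str_array[NFT_CT_MAX]` has one slot too few for `NFT_CT_DST_IP6`, so that key loses its string and, depending on how ctkey2str bounds-checks (its body is outside the hunk), a lookup of it either reports it as unknown or reads one element past the array. The array should instead be declared `static const char *ctkey2str_array[NFT_CT_MAX + 1] = {` with the `dst_ip6` entry kept, and the range check in ctkey2str should reject `ctkey > NFT_CT_MAX`. The rt.c hunk has the same problem with `rt_key2str_array[NFT_RT_MAX]` and the removed `tcpmss` entry.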
@@ -120,7 +120,6 @@ static const char *rt_key2str_array[NFT_RT_MAX] = {
[NFT_RT_CLASSID] = "classid",
[NFT_RT_NEXTHOP4] = "nexthop4",
[NFT_RT_NEXTHOP6] = "nexthop6",
- [NFT_RT_TCPMSS] = "tcpmss",
};
static const char *rt_key2str(uint8_t key)
@@ -294,12 +294,8 @@ void nftnl_flowtable_nlmsg_build_payload(struct nlmsghdr *nlh,
}
mnl_attr_nest_end(nlh, nest);
}
- if (c->flags & (1 << NFTNL_FLOWTABLE_FLAGS))
- mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_FLAGS, htonl(c->ft_flags));
if (c->flags & (1 << NFTNL_FLOWTABLE_USE))
mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_USE, htonl(c->use));
- if (c->flags & (1 << NFTNL_FLOWTABLE_SIZE))
- mnl_attr_put_u32(nlh, NFTA_FLOWTABLE_SIZE, htonl(c->size));
}
EXPORT_SYMBOL(nftnl_flowtable_nlmsg_build_payload);
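Review bot: Removing the NFTA_FLOWTABLE_FLAGS and NFTA_FLOWTABLE_SIZE emission here leaves the NFTNL_FLOWTABLE_FLAGS and NFTNL_FLOWTABLE_SIZE attribute bits, and the `c->ft_flags`/`c->size` fields they guard, in place, so a caller that still sets those attributes through the public API (the setters are presumably unchanged, they are not in the diff) has them silently dropped from the message rather than getting an error. The same applies to the parse side in the two later flowtable.c hunks, where a kernel that does send those attributes is now ignored without any indication. If the enum values really are gone from the UAPI header, the library-side attributes, their accessors and the struct fields should be retired together, or the setters should return an error for them, so the API does not advertise a capability it no longer encodes. nftnl_flowtable_nlmsg_build_payload starts outside this hunk.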
@@ -321,7 +317,6 @@ static int nftnl_flowtable_parse_attr_cb(const struct nlattr *attr, void *data)
if (mnl_attr_validate(attr, MNL_TYPE_NESTED) < 0)
abi_breakage();
break;
- case NFTA_FLOWTABLE_FLAGS:
case NFTA_FLOWTABLE_USE:
if (mnl_attr_validate(attr, MNL_TYPE_U32) < 0)
abi_breakage();
@@ -442,18 +437,10 @@ int nftnl_flowtable_nlmsg_parse(const struct nlmsghdr *nlh, struct nftnl_flowtab
if (ret < 0)
return ret;
}
- if (tb[NFTA_FLOWTABLE_FLAGS]) {
- c->ft_flags = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_FLAGS]));
- c->flags |= (1 << NFTNL_FLOWTABLE_FLAGS);
- }
if (tb[NFTA_FLOWTABLE_USE]) {
c->use = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_USE]));
c->flags |= (1 << NFTNL_FLOWTABLE_USE);
}
- if (tb[NFTA_FLOWTABLE_SIZE]) {
- c->size = ntohl(mnl_attr_get_u32(tb[NFTA_FLOWTABLE_SIZE]));
- c->flags |= (1 << NFTNL_FLOWTABLE_SIZE);
- }
c->family = nfg->nfgen_family;
c->flags |= (1 << NFTNL_FLOWTABLE_FAMILY);
I'm not sure if every change is appropriate, but there is certainly some inconsistency between this header file in the kernel and in here. A review might be necessary even if this patch is not to be applied. -- 8< -- Signed-off-by: Máté Eckl <ecklm94@gmail.com> --- include/linux/netfilter/nf_tables.h | 28 +++++++++++++++++----------- src/expr/ct.c | 1 - src/expr/rt.c | 1 - src/flowtable.c | 13 ------------- 4 files changed, 17 insertions(+), 26 deletions(-)