netfilter: nft: add queue module
This patch adds a new nft module named "nft_queue" which provides a new nftables expression that allows you to enqueue packets to userspace via the nfnetlink_queue subsystem. It provides the same level of functionality as NFQUEUE and it shares some code with it. Signed-off-by: Eric Leblond <eric@regit.org> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Eric Leblond
Pablo Neira Ayuso
parent
97a2d41c47
commit
0aff078d58
4 changed files with 164 additions and 0 deletions
|
|
@ -657,6 +657,26 @@ enum nft_log_attributes {
|
|||
};
|
||||
#define NFTA_LOG_MAX (__NFTA_LOG_MAX - 1)
|
||||
|
||||
/**
|
||||
* enum nft_queue_attributes - nf_tables queue expression netlink attributes
|
||||
*
|
||||
* @NFTA_QUEUE_NUM: netlink queue to send messages to (NLA_U16)
|
||||
* @NFTA_QUEUE_TOTAL: number of queues to load balance packets on (NLA_U16)
|
||||
* @NFTA_QUEUE_FLAGS: various flags (NLA_U16)
|
||||
*/
|
||||
enum nft_queue_attributes {
|
||||
NFTA_QUEUE_UNSPEC,
|
||||
NFTA_QUEUE_NUM,
|
||||
NFTA_QUEUE_TOTAL,
|
||||
NFTA_QUEUE_FLAGS,
|
||||
__NFTA_QUEUE_MAX
|
||||
};
|
||||
#define NFTA_QUEUE_MAX (__NFTA_QUEUE_MAX - 1)
|
||||
|
||||
#define NFT_QUEUE_FLAG_BYPASS 0x01 /* for compatibility with v2 */
|
||||
#define NFT_QUEUE_FLAG_CPU_FANOUT 0x02 /* use current CPU (no hashing) */
|
||||
#define NFT_QUEUE_FLAG_MASK 0x03
|
||||
|
||||
/**
|
||||
* enum nft_reject_types - nf_tables reject expression reject types
|
||||
*
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue