author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-07 01:04:07 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-08 18:11:06 +0100 |
commit | 3b49e2e94e6ebb8b23d0955d9e898254455734f8 (patch) | |
tree | 4813ba6f535ed50d5e4472fcc15d09c755726ac2 /include/net/netfilter/nf_flow_table.h | |
parent | netfilter: nf_conntrack: add IPS_OFFLOAD status bit (diff) | |
netfilter: nf_tables: add flow table netlink frontend
This patch introduces a netlink control plane to create, delete and dump
flow tables. Flow tables are identified by name, this name is used from
rules to refer to a specific flow table. Flow tables use the rhashtable
class and a generic garbage collector to remove expired entries.
This also adds the infrastructure to add different flow table types, so
we can add one for each layer 3 protocol family.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net/netfilter/nf_flow_table.h')
-rw-r--r-- | include/net/netfilter/nf_flow_table.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_flow_table.h b/include/net/netfilter/nf_flow_table.h
new file mode 100644
index 000000000000..3a0779589281
--- /dev/null
+++ b/include/net/netfilter/nf_flow_table.h
@@ -0,0 +1,23 @@
+#ifndef _NF_FLOW_TABLE_H
+#define _NF_FLOW_TABLE_H
+
+#include <linux/rhashtable.h>
+
+struct nf_flowtable;
+
+struct nf_flowtable_type {
+ struct list_head list;
+ int family;
+ void (*gc)(struct work_struct *work);
+ const struct rhashtable_params *params;
+ nf_hookfn *hook;
+ struct module *owner;
+};
+
+struct nf_flowtable {
+ struct rhashtable rhashtable;
+ const struct nf_flowtable_type *type;
+ struct delayed_work gc_work;
+};
+
+#endif /* _FLOW_OFFLOAD_H */ |
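Review bot: Neither struct documents the lifetime rules that `gc_work` and `owner` imply, and getting either wrong ends in a use-after-free: `struct nf_flowtable` embeds a `delayed_work` whose handler is presumably the type's `gc` callback (its signature is a work function), and that callback lives in the module named by `owner`. I would add `/* cancel gc_work synchronously before freeing the flowtable */` above `gc_work` and `/* hold a reference on owner while any flowtable points at this type */` above `owner`; the code that must honour both is outside this header, so this is a request to confirm as well as to document. Separately, the header includes only `<linux/rhashtable.h>` but uses the `nf_hookfn` typedef, which cannot be forward-declared, so it appears to rely on the includer having pulled in `<linux/netfilter.h>` first; adding `#include <linux/netfilter.h>` would make it self-contained. The closing comment `/* _FLOW_OFFLOAD_H */` also does not match the guard `_NF_FLOW_TABLE_H`.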