* [PATCH libnftnl] include: resync nf_tables.h cache copy
@ 2019-08-13 19:43 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2019-08-13 19:43 UTC (permalink / raw)
  To: netfilter-devel

Get this header in sync with 5.3-rc1.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/netfilter/nf_tables.h | 124 ++++++++++++++++++++++++------------
 1 file changed, 82 insertions(+), 42 deletions(-)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 1bf4346c5278..82abaa183fc3 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -8,6 +8,7 @@
 #define NFT_SET_MAXNAMELEN	NFT_NAME_MAXLEN
 #define NFT_OBJ_MAXNAMELEN	NFT_NAME_MAXLEN
 #define NFT_USERDATA_MAXLEN	256
+#define NFT_OSF_MAXGENRELEN	16
 
 /**
  * enum nft_registers - nf_tables registers
@@ -191,6 +192,7 @@ enum nft_table_attributes {
  * @NFTA_CHAIN_USE: number of references to this chain (NLA_U32)
  * @NFTA_CHAIN_TYPE: type name of the string (NLA_NUL_STRING)
  * @NFTA_CHAIN_COUNTERS: counter specification of the chain (NLA_NESTED: nft_counter_attributes)
+ * @NFTA_CHAIN_FLAGS: chain flags
  */
 enum nft_chain_attributes {
 	NFTA_CHAIN_UNSPEC,
@@ -203,6 +205,7 @@ enum nft_chain_attributes {
 	NFTA_CHAIN_TYPE,
 	NFTA_CHAIN_COUNTERS,
 	NFTA_CHAIN_PAD,
+	NFTA_CHAIN_FLAGS,
 	__NFTA_CHAIN_MAX
 };
 #define NFTA_CHAIN_MAX		(__NFTA_CHAIN_MAX - 1)
@@ -268,7 +271,7 @@ enum nft_rule_compat_attributes {
  * @NFT_SET_INTERVAL: set contains intervals
  * @NFT_SET_MAP: set is used as a dictionary
  * @NFT_SET_TIMEOUT: set uses timeouts
- * @NFT_SET_EVAL: set contains expressions for evaluation
+ * @NFT_SET_EVAL: set can be updated from the evaluation path
  * @NFT_SET_OBJECT: set contains stateful objects
  */
 enum nft_set_flags {
@@ -794,6 +797,8 @@ enum nft_exthdr_attributes {
  * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
  * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
  * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_BRI_IIFPVID: packet input bridge port pvid
+ * @NFT_META_BRI_IIFVPROTO: packet input bridge vlan proto
  */
 enum nft_meta_keys {
 	NFT_META_LEN,
@@ -824,6 +829,8 @@ enum nft_meta_keys {
 	NFT_META_SECPATH,
 	NFT_META_IIFKIND,
 	NFT_META_OIFKIND,
+	NFT_META_BRI_IIFPVID,
+	NFT_META_BRI_IIFVPROTO,
 };
 
 /**
@@ -942,39 +949,6 @@ enum nft_socket_keys {
 #define NFT_SOCKET_MAX	(__NFT_SOCKET_MAX - 1)
 
 /**
- * enum nft_osf_attributes - nf_tables osf expression netlink attributes
- *
- * @NFTA_OSF_DREG: destination register (NLA_U32)
- * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)
- * @NFTA_OSF_FLAGS: flags (NLA_U32)
- */
-enum nft_osf_attributes {
-	NFTA_OSF_UNSPEC,
-	NFTA_OSF_DREG,
-	NFTA_OSF_TTL,
-	NFTA_OSF_FLAGS,
-	__NFTA_OSF_MAX,
-};
-#define NFTA_OSF_MAX (__NFTA_OSF_MAX - 1)
-
-/**
- * enum nft_synproxy_attributes - nf_tables synproxy expression
- * netlink attributes
- *
- * @NFTA_SYNPROXY_MSS: mss value sent to the backend (NLA_U16)
- * @NFTA_SYNPROXY_WSCALE: wscale value sent to the backend (NLA_U8)
- * @NFTA_SYNPROXY_FLAGS: flags (NLA_U32)
- */
-enum nft_synproxy_attributes {
-	NFTA_SYNPROXY_UNSPEC,
-	NFTA_SYNPROXY_MSS,
-	NFTA_SYNPROXY_WSCALE,
-	NFTA_SYNPROXY_FLAGS,
-	__NFTA_SYNPROXY_MAX,
-};
-#define NFTA_SYNPROXY_MAX (__NFTA_SYNPROXY_MAX - 1)
-
-/**
  * enum nft_ct_keys - nf_tables ct expression keys
  *
  * @NFT_CT_STATE: conntrack state (bitmask of enum ip_conntrack_info)
@@ -1000,7 +974,6 @@ enum nft_synproxy_attributes {
  * @NFT_CT_DST_IP: conntrack layer 3 protocol destination (IPv4 address)
  * @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
  * @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
- * @NFT_CT_TIMEOUT: connection tracking timeout policy assigned to conntrack
  * @NFT_CT_ID: conntrack id
  */
 enum nft_ct_keys {
@@ -1027,7 +1000,6 @@ enum nft_ct_keys {
 	NFT_CT_DST_IP,
 	NFT_CT_SRC_IP6,
 	NFT_CT_DST_IP6,
-	NFT_CT_TIMEOUT,
 	NFT_CT_ID,
 	__NFT_CT_MAX
 };
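Review bot: Dropping `NFT_CT_TIMEOUT` from the middle of `enum nft_ct_keys` lowers the numeric value of `NFT_CT_ID` by one, and that number is what the ct expression sends to the kernel as its key. The commit message only says the header is resynced with 5.3-rc1, so it is worth stating there that the old cached copy carried an enumerator the kernel header does not have (presumably the reason for the removal) and that `NFT_CT_ID` changes value as a result. Any table in the library indexed by `enum nft_ct_keys`, such as a key-to-name array, needs checking against the new numbering; none is touched by this one-file patch. The enum starts outside the hunk.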
@@ -1148,6 +1120,33 @@ enum nft_log_attributes {
 #define NFTA_LOG_MAX		(__NFTA_LOG_MAX - 1)
 
 /**
+ * enum nft_log_level - nf_tables log levels
+ *
+ * @NFT_LOGLEVEL_EMERG: system is unusable
+ * @NFT_LOGLEVEL_ALERT: action must be taken immediately
+ * @NFT_LOGLEVEL_CRIT: critical conditions
+ * @NFT_LOGLEVEL_ERR: error conditions
+ * @NFT_LOGLEVEL_WARNING: warning conditions
+ * @NFT_LOGLEVEL_NOTICE: normal but significant condition
+ * @NFT_LOGLEVEL_INFO: informational
+ * @NFT_LOGLEVEL_DEBUG: debug-level messages
+ * @NFT_LOGLEVEL_AUDIT: enabling audit logging
+ */
+enum nft_log_level {
+	NFT_LOGLEVEL_EMERG,
+	NFT_LOGLEVEL_ALERT,
+	NFT_LOGLEVEL_CRIT,
+	NFT_LOGLEVEL_ERR,
+	NFT_LOGLEVEL_WARNING,
+	NFT_LOGLEVEL_NOTICE,
+	NFT_LOGLEVEL_INFO,
+	NFT_LOGLEVEL_DEBUG,
+	NFT_LOGLEVEL_AUDIT,
+	__NFT_LOGLEVEL_MAX
+};
+#define NFT_LOGLEVEL_MAX	(__NFT_LOGLEVEL_MAX - 1)
+
+/**
  * enum nft_queue_attributes - nf_tables queue expression netlink attributes
  *
  * @NFTA_QUEUE_NUM: netlink queue to send messages to (NLA_U16)
@@ -1192,7 +1191,7 @@ enum nft_quota_attributes {
 #define NFTA_QUOTA_MAX		(__NFTA_QUOTA_MAX - 1)
 
 /**
- * enum nft_secmark_attributes - nf_tables secmark expression netlink attributes
+ * enum nft_secmark_attributes - nf_tables secmark object netlink attributes
  *
  * @NFTA_SECMARK_CTX: security context (NLA_STRING)
  */
@@ -1445,7 +1444,7 @@ enum nft_ct_helper_attributes {
 };
 #define NFTA_CT_HELPER_MAX	(__NFTA_CT_HELPER_MAX - 1)
 
-enum nft_ct_timeout_attributes {
+enum nft_ct_timeout_timeout_attributes {
 	NFTA_CT_TIMEOUT_UNSPEC,
 	NFTA_CT_TIMEOUT_L3PROTO,
 	NFTA_CT_TIMEOUT_L4PROTO,
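Review bot: The new tag `enum nft_ct_timeout_timeout_attributes` repeats "timeout" and looks like a typo carried over from the header being synced rather than an intended rename. The enumerators keep their `NFTA_CT_TIMEOUT_*` names, so only code that declares a variable with the old tag `enum nft_ct_timeout_attributes` is affected, and such code would no longer compile against this copy; nothing outside the header is changed in this patch. If the doubled name is kept to stay identical with the kernel header, a one-line comment such as `/* tag spelling follows the kernel UAPI header */` above the enum would keep it from being corrected locally and drifting again. The enum body continues past the hunk.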
@@ -1509,8 +1508,6 @@ enum nft_object_attributes {
  * @NFTA_FLOWTABLE_HOOK: netfilter hook configuration(NLA_U32)
  * @NFTA_FLOWTABLE_USE: number of references to this flow table (NLA_U32)
  * @NFTA_FLOWTABLE_HANDLE: object handle (NLA_U64)
- * @NFTA_FLOWTABLE_SIZE: maximum size (NLA_U32)
- * @NFTA_FLOWTABLE_FLAGS: flags (NLA_U32)
  */
 enum nft_flowtable_attributes {
 	NFTA_FLOWTABLE_UNSPEC,
@@ -1520,8 +1517,6 @@ enum nft_flowtable_attributes {
 	NFTA_FLOWTABLE_USE,
 	NFTA_FLOWTABLE_HANDLE,
 	NFTA_FLOWTABLE_PAD,
-	NFTA_FLOWTABLE_SIZE,
-	NFTA_FLOWTABLE_FLAGS,
 	__NFTA_FLOWTABLE_MAX
 };
 #define NFTA_FLOWTABLE_MAX	(__NFTA_FLOWTABLE_MAX - 1)
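Review bot: Removing `NFTA_FLOWTABLE_SIZE` and `NFTA_FLOWTABLE_FLAGS` lowers `NFTA_FLOWTABLE_MAX` by two, and the diffstat shows only the header changing. If the library's flowtable code still builds or parses these two attributes (not visible here), it will fail to compile against this copy, and any attribute table sized as `tb[NFTA_FLOWTABLE_MAX + 1]` shrinks with the macro. The matching kernel-doc lines are removed in the previous hunk. Either drop the remaining users in the same commit or say in the commit message that none exist.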
@@ -1543,6 +1538,42 @@ enum nft_flowtable_hook_attributes {
 #define NFTA_FLOWTABLE_HOOK_MAX	(__NFTA_FLOWTABLE_HOOK_MAX - 1)
 
 /**
+ * enum nft_osf_attributes - nftables osf expression netlink attributes
+ *
+ * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers)
+ * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)
+ * @NFTA_OSF_FLAGS: flags (NLA_U32)
+ */
+enum nft_osf_attributes {
+	NFTA_OSF_UNSPEC,
+	NFTA_OSF_DREG,
+	NFTA_OSF_TTL,
+	NFTA_OSF_FLAGS,
+	__NFTA_OSF_MAX,
+};
+#define NFTA_OSF_MAX (__NFTA_OSF_MAX - 1)
+
+enum nft_osf_flags {
+	NFT_OSF_F_VERSION = (1 << 0),
+};
+
+/**
+ * enum nft_synproxy_attributes - nf_tables synproxy expression netlink attributes
+ *
+ * @NFTA_SYNPROXY_MSS: mss value sent to the backend (NLA_U16)
+ * @NFTA_SYNPROXY_WSCALE: wscale value sent to the backend (NLA_U8)
+ * @NFTA_SYNPROXY_FLAGS: flags (NLA_U32)
+ */
+enum nft_synproxy_attributes {
+	NFTA_SYNPROXY_UNSPEC,
+	NFTA_SYNPROXY_MSS,
+	NFTA_SYNPROXY_WSCALE,
+	NFTA_SYNPROXY_FLAGS,
+	__NFTA_SYNPROXY_MAX,
+};
+#define NFTA_SYNPROXY_MAX (__NFTA_SYNPROXY_MAX - 1)
+
+/**
  * enum nft_device_attributes - nf_tables device netlink attributes
  *
  * @NFTA_DEVICE_NAME: name of this device (NLA_STRING)
@@ -1738,10 +1769,19 @@ enum nft_tunnel_keys {
 };
 #define NFT_TUNNEL_MAX	(__NFT_TUNNEL_MAX - 1)
 
+enum nft_tunnel_mode {
+	NFT_TUNNEL_MODE_NONE,
+	NFT_TUNNEL_MODE_RX,
+	NFT_TUNNEL_MODE_TX,
+	__NFT_TUNNEL_MODE_MAX
+};
+#define NFT_TUNNEL_MODE_MAX	(__NFT_TUNNEL_MODE_MAX - 1)
+
 enum nft_tunnel_attributes {
 	NFTA_TUNNEL_UNSPEC,
 	NFTA_TUNNEL_KEY,
 	NFTA_TUNNEL_DREG,
+	NFTA_TUNNEL_MODE,
 	__NFTA_TUNNEL_MAX
 };
 #define NFTA_TUNNEL_MAX	(__NFTA_TUNNEL_MAX - 1)
-- 
2.11.0




* [PATCH libnftnl] include: resync nf_tables.h cache copy
@ 2016-09-02 10:02 Pablo Neira Ayuso
From: Pablo Neira Ayuso @ 2016-09-02 10:02 UTC (permalink / raw)
  To: netfilter-devel

Sync this with the kernel header file we currently have in tree.

This patch addresses the compilation warning and breakage that result from
this header update, specifically the "attibute" typo in trace and the
missing default case in expr/numgen.c.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/netfilter/nf_tables.h | 84 ++++++++++++++++++-------------------
 src/expr/numgen.c                   |  4 +-
 src/trace.c                         |  2 +-
 3 files changed, 44 insertions(+), 46 deletions(-)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 0b11abf..8a63f22 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -667,33 +667,6 @@ enum nft_exthdr_attributes {
 #define NFTA_EXTHDR_MAX		(__NFTA_EXTHDR_MAX - 1)
 
 /**
- * enum nft_ng_attributes - nf_tables number generator expression attributes
- *
- * @NFTA_NG_DREG: destination register (NLA_U32)
- * @NFTA_NG_UNTIL: limit value (NLA_U32)
- * @NFTA_NG_TYPE: type of operation (NLA_U32)
- */
-enum nft_ng_attributes {
-	NFTA_NG_UNSPEC,
-	NFTA_NG_DREG,
-	NFTA_NG_UNTIL,
-	NFTA_NG_TYPE,
-	__NFTA_NG_MAX
-};
-#define NFTA_NG_MAX		(__NFTA_NG_MAX - 1)
-
-/**
- * enum nft_ng_type - nf_tables number generator expression reject types
- *
- * @NFT_NG_INCREMENTAL: Incremental number generator
- * @NFT_NG_RANDOM: Random number generator
- */
-enum nft_ng_type {
-	NFT_NG_INCREMENTAL,
-	NFT_NG_RANDOM
-};
-
-/**
  * enum nft_meta_keys - nf_tables meta expression keys
  *
  * @NFT_META_LEN: packet length (skb->len)
@@ -751,6 +724,26 @@ enum nft_meta_keys {
 };
 
 /**
+ * enum nft_hash_attributes - nf_tables hash expression netlink attributes
+ *
+ * @NFTA_HASH_SREG: source register (NLA_U32)
+ * @NFTA_HASH_DREG: destination register (NLA_U32)
+ * @NFTA_HASH_LEN: source data length (NLA_U32)
+ * @NFTA_HASH_MODULUS: modulus value (NLA_U32)
+ * @NFTA_HASH_SEED: seed value (NLA_U32)
+ */
+enum nft_hash_attributes {
+	NFTA_HASH_UNSPEC,
+	NFTA_HASH_SREG,
+	NFTA_HASH_DREG,
+	NFTA_HASH_LEN,
+	NFTA_HASH_MODULUS,
+	NFTA_HASH_SEED,
+	__NFTA_HASH_MAX,
+};
+#define NFTA_HASH_MAX	(__NFTA_HASH_MAX - 1)
+
+/**
  * enum nft_meta_attributes - nf_tables meta expression netlink attributes
  *
  * @NFTA_META_DREG: destination register (NLA_U32)
@@ -908,7 +901,7 @@ enum nft_queue_attributes {
 #define NFT_QUEUE_FLAG_MASK		0x03
 
 enum nft_quota_flags {
-	NFT_QUOTA_F_INV	= (1 << 0),
+	NFT_QUOTA_F_INV		= (1 << 0),
 };
 
 /**
@@ -1097,7 +1090,7 @@ enum nft_gen_attributes {
  * @NFTA_TRACE_NFPROTO: nf protocol processed (NLA_U32)
  * @NFTA_TRACE_POLICY: policy that decided fate of packet (NLA_U32)
  */
-enum nft_trace_attibutes {
+enum nft_trace_attributes {
 	NFTA_TRACE_UNSPEC,
 	NFTA_TRACE_TABLE,
 	NFTA_TRACE_CHAIN,
@@ -1130,23 +1123,26 @@ enum nft_trace_types {
 #define NFT_TRACETYPE_MAX (__NFT_TRACETYPE_MAX - 1)
 
 /**
- * enum nft_hash_attributes - nf_tables hash expression attributes
+ * enum nft_ng_attributes - nf_tables number generator expression netlink attributes
  *
- * @NFTA_HASH_SREG: source register (NLA_U32)
- * @NFTA_HASH_DREG: destination register (NLA_U32)
- * @NFTA_HASH_LEN: data length (NLA_U32)
- * @NFTA_HASH_MODULUS: Modulus value (NLA_U32)
- * @NFTA_HASH_SEED: hash initial value (NLA_U32)
+ * @NFTA_NG_DREG: destination register (NLA_U32)
+ * @NFTA_NG_UNTIL: source value to increment the counter until reset (NLA_U32)
+ * @NFTA_NG_TYPE: operation type (NLA_U32)
  */
-enum nft_hash_attributes {
-	NFTA_HASH_UNSPEC,
-	NFTA_HASH_SREG,
-	NFTA_HASH_DREG,
-	NFTA_HASH_LEN,
-	NFTA_HASH_MODULUS,
-	NFTA_HASH_SEED,
-	__NFTA_HASH_MAX
+enum nft_ng_attributes {
+	NFTA_NG_UNSPEC,
+	NFTA_NG_DREG,
+	NFTA_NG_UNTIL,
+	NFTA_NG_TYPE,
+	__NFTA_NG_MAX
+};
+#define NFTA_NG_MAX	(__NFTA_NG_MAX - 1)
+
+enum nft_ng_types {
+	NFT_NG_INCREMENTAL,
+	NFT_NG_RANDOM,
+	__NFT_NG_MAX
 };
-#define NFTA_HASH_MAX		(__NFTA_HASH_MAX - 1)
+#define NFT_NG_MAX	(__NFT_NG_MAX - 1)
 
 #endif /* _LINUX_NF_TABLES_H */
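Review bot: The relocated `enum nft_ng_types` has no kernel-doc block, while the `enum nft_ng_type` it replaces documented `@NFT_NG_INCREMENTAL` and `@NFT_NG_RANDOM`. I would restore a `/** enum nft_ng_types - ... */` block above it carrying those two descriptions. The hunk also adds `NFT_NG_MAX`, which gives callers an upper bound to validate a received type against; whether the parser in numgen.c does so is not visible in this patch. As this file mirrors the kernel header, the documentation fix presumably belongs upstream first.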
diff --git a/src/expr/numgen.c b/src/expr/numgen.c
index 0669eda..7f2b425 100644
--- a/src/expr/numgen.c
+++ b/src/expr/numgen.c
@@ -23,7 +23,7 @@
 struct nftnl_expr_ng {
 	enum nft_registers	dreg;
 	unsigned int		until;
-	enum nft_ng_type	type;
+	enum nft_ng_types	type;
 };
 
 static int
@@ -200,6 +200,8 @@ nftnl_expr_ng_snprintf_default(char *buf, size_t size,
 			       ng->until);
 		SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
 		break;
+	default:
+		break;
 	}
 
 	return offset;
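Review bot: The added `default: break;` presumably exists to silence the switch warning for the new `__NFT_NG_MAX` enumerator, but it also silences it for every generator type added to `enum nft_ng_types` later, which would then print nothing from this switch without any diagnostic. Listing the sentinel explicitly, `case __NFT_NG_MAX: break;`, keeps `-Wswitch` useful for future types. If `default:` stays, a comment such as `/* unknown type: print nothing */` would record that the silence is intended. The switch and the function start outside the hunk, so the other cases are not visible here.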
diff --git a/src/trace.c b/src/trace.c
index 1a50390..2b3388d 100644
--- a/src/trace.c
+++ b/src/trace.c
@@ -79,7 +79,7 @@ bool nftnl_trace_is_set(const struct nftnl_trace *t, uint16_t attr)
 static int nftnl_trace_parse_attr_cb(const struct nlattr *attr, void *data)
 {
 	const struct nlattr **tb = data;
-	enum nft_trace_attibutes type = mnl_attr_get_type(attr);
+	enum nft_trace_attributes type = mnl_attr_get_type(attr);
 
 	if (mnl_attr_type_valid(attr, NFTA_TRACE_MAX) < 0)
 		return MNL_CB_OK;
-- 
2.1.4

