netfilter: nft_ct: Add support to set the connmark

This patch adds kernel support for setting properties of tracked connections. Currently, only connmark is supported. One use-case for this feature is to provide the same functionality as -j CONNMARK --save-mark in iptables. Some restructuring was needed to implement the set op. The new structure follows that of nft_meta. Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Kristian Evensen <kristian.evensen@gmail.com> 2014-01-07 16:43:54 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2014-01-09 19:07:44 +0100
commit: c4ede3d3821a732120fd671846c2606a1eb4e8b3 (patch)
tree: 5f36dcf17d27abb86778eba8b072d811d3c901ab /include
parent: 9638f33ecf7e1b7eb844603c1137bc3468902c17 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 448593c07120..83c985a6170b 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -609,12 +609,14 @@ enum nft_ct_keys {
  * @NFTA_CT_DREG: destination register (NLA_U32)
  * @NFTA_CT_KEY: conntrack data item to load (NLA_U32: nft_ct_keys)
  * @NFTA_CT_DIRECTION: direction in case of directional keys (NLA_U8)
+ * @NFTA_CT_SREG: source register (NLA_U32)
  */
 enum nft_ct_attributes {
 	NFTA_CT_UNSPEC,
 	NFTA_CT_DREG,
 	NFTA_CT_KEY,
 	NFTA_CT_DIRECTION,
+	NFTA_CT_SREG,
 	__NFTA_CT_MAX
 };
 #define NFTA_CT_MAX		(__NFTA_CT_MAX - 1)
author	Kristian Evensen <kristian.evensen@gmail.com>	2014-01-07 16:43:54 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2014-01-09 19:07:44 +0100
commit	c4ede3d3821a732120fd671846c2606a1eb4e8b3 (patch)
tree	5f36dcf17d27abb86778eba8b072d811d3c901ab /include
parent	9638f33ecf7e1b7eb844603c1137bc3468902c17 (diff)