netfilter: nft_exthdr: add TCP option matching

[mirror_ubuntu-artful-kernel.git] / include / uapi / linux / netfilter / nf_tables.h

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index 3e60ed78c538baba378f6c5a1f5f83992c06740e..207951516ede9c06414fe6c3cc6cff8eb17ff695 100644 (file)
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -709,13 +709,27 @@ enum nft_exthdr_flags {
 };
 
 /**
- * enum nft_exthdr_attributes - nf_tables IPv6 extension header expression netlink attributes
+ * enum nft_exthdr_op - nf_tables match options
+ *
+ * @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
+ * @NFT_EXTHDR_OP_TCP: match against tcp options
+ */
+enum nft_exthdr_op {
+       NFT_EXTHDR_OP_IPV6,
+       NFT_EXTHDR_OP_TCPOPT,
+       __NFT_EXTHDR_OP_MAX
+};
+#define NFT_EXTHDR_OP_MAX      (__NFT_EXTHDR_OP_MAX - 1)
+
+/**
+ * enum nft_exthdr_attributes - nf_tables extension header expression netlink attributes
  *
  * @NFTA_EXTHDR_DREG: destination register (NLA_U32: nft_registers)
  * @NFTA_EXTHDR_TYPE: extension header type (NLA_U8)
  * @NFTA_EXTHDR_OFFSET: extension header offset (NLA_U32)
  * @NFTA_EXTHDR_LEN: extension header length (NLA_U32)
  * @NFTA_EXTHDR_FLAGS: extension header flags (NLA_U32)
+ * @NFTA_EXTHDR_OP: option match type (NLA_U8)
  */
 enum nft_exthdr_attributes {
        NFTA_EXTHDR_UNSPEC,
@@ -724,6 +738,7 @@ enum nft_exthdr_attributes {
        NFTA_EXTHDR_OFFSET,
        NFTA_EXTHDR_LEN,
        NFTA_EXTHDR_FLAGS,
+       NFTA_EXTHDR_OP,
        __NFTA_EXTHDR_MAX
 };
 #define NFTA_EXTHDR_MAX                (__NFTA_EXTHDR_MAX - 1)