netfilter: nft_payload: layer 4 checksum adjustment for pseudoheader fields

[mirror_ubuntu-bionic-kernel.git] / include / uapi / linux / netfilter / nf_tables.h

diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index c6c4477c136b9f77749088bc8b054f853b45b0f6..f030e59aa2ece17b5dfaa2d248983449cb83bde6 100644 (file)
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -659,6 +659,10 @@ enum nft_payload_csum_types {
        NFT_PAYLOAD_CSUM_INET,
 };
 
+enum nft_payload_csum_flags {
+       NFT_PAYLOAD_L4CSUM_PSEUDOHDR = (1 << 0),
+};
+
 /**
  * enum nft_payload_attributes - nf_tables payload expression netlink attributes
  *
@@ -669,6 +673,7 @@ enum nft_payload_csum_types {
  * @NFTA_PAYLOAD_SREG: source register to load data from (NLA_U32: nft_registers)
  * @NFTA_PAYLOAD_CSUM_TYPE: checksum type (NLA_U32)
  * @NFTA_PAYLOAD_CSUM_OFFSET: checksum offset relative to base (NLA_U32)
+ * @NFTA_PAYLOAD_CSUM_FLAGS: checksum flags (NLA_U32)
  */
 enum nft_payload_attributes {
        NFTA_PAYLOAD_UNSPEC,
@@ -679,6 +684,7 @@ enum nft_payload_attributes {
        NFTA_PAYLOAD_SREG,
        NFTA_PAYLOAD_CSUM_TYPE,
        NFTA_PAYLOAD_CSUM_OFFSET,
+       NFTA_PAYLOAD_CSUM_FLAGS,
        __NFTA_PAYLOAD_MAX
 };
 #define NFTA_PAYLOAD_MAX       (__NFTA_PAYLOAD_MAX - 1)
@@ -758,6 +764,19 @@ enum nft_meta_keys {
        NFT_META_PRANDOM,
 };
 
+/**
+ * enum nft_rt_keys - nf_tables routing expression keys
+ *
+ * @NFT_RT_CLASSID: realm value of packet's route (skb->dst->tclassid)
+ * @NFT_RT_NEXTHOP4: routing nexthop for IPv4
+ * @NFT_RT_NEXTHOP6: routing nexthop for IPv6
+ */
+enum nft_rt_keys {
+       NFT_RT_CLASSID,
+       NFT_RT_NEXTHOP4,
+       NFT_RT_NEXTHOP6,
+};
+
 /**
  * enum nft_hash_attributes - nf_tables hash expression netlink attributes
  *
@@ -796,6 +815,20 @@ enum nft_meta_attributes {
 };
 #define NFTA_META_MAX          (__NFTA_META_MAX - 1)
 
+/**
+ * enum nft_rt_attributes - nf_tables routing expression netlink attributes
+ *
+ * @NFTA_RT_DREG: destination register (NLA_U32)
+ * @NFTA_RT_KEY: routing data item to load (NLA_U32: nft_rt_keys)
+ */
+enum nft_rt_attributes {
+       NFTA_RT_UNSPEC,
+       NFTA_RT_DREG,
+       NFTA_RT_KEY,
+       __NFTA_RT_MAX
+};
+#define NFTA_RT_MAX            (__NFTA_RT_MAX - 1)
+
 /**
  * enum nft_ct_keys - nf_tables ct expression keys
  *
@@ -1109,6 +1142,42 @@ enum nft_gen_attributes {
 };
 #define NFTA_GEN_MAX           (__NFTA_GEN_MAX - 1)
 
+/*
+ * enum nft_fib_attributes - nf_tables fib expression netlink attributes
+ *
+ * @NFTA_FIB_DREG: destination register (NLA_U32)
+ * @NFTA_FIB_RESULT: desired result (NLA_U32)
+ * @NFTA_FIB_FLAGS: flowi fields to initialize when querying the FIB (NLA_U32)
+ *
+ * The FIB expression performs a route lookup according
+ * to the packet data.
+ */
+enum nft_fib_attributes {
+       NFTA_FIB_UNSPEC,
+       NFTA_FIB_DREG,
+       NFTA_FIB_RESULT,
+       NFTA_FIB_FLAGS,
+       __NFTA_FIB_MAX
+};
+#define NFTA_FIB_MAX (__NFTA_FIB_MAX - 1)
+
+enum nft_fib_result {
+       NFT_FIB_RESULT_UNSPEC,
+       NFT_FIB_RESULT_OIF,
+       NFT_FIB_RESULT_OIFNAME,
+       NFT_FIB_RESULT_ADDRTYPE,
+       __NFT_FIB_RESULT_MAX
+};
+#define NFT_FIB_RESULT_MAX     (__NFT_FIB_RESULT_MAX - 1)
+
+enum nft_fib_flags {
+       NFTA_FIB_F_SADDR        = 1 << 0,       /* look up src */
+       NFTA_FIB_F_DADDR        = 1 << 1,       /* look up dst */
+       NFTA_FIB_F_MARK         = 1 << 2,       /* use skb->mark */
+       NFTA_FIB_F_IIF          = 1 << 3,       /* restrict to iif */
+       NFTA_FIB_F_OIF          = 1 << 4,       /* restrict to oif */
+};
+
 /**
  * enum nft_trace_attributes - nf_tables trace netlink attributes
  *