netfilter: nf_tables: allow to specify stateful expression in set definition

This patch allows users to specify the stateful expression for the elements in this set via NFTA_SET_EXPR. This new feature allows you to turn on counters for all of the elements in this set. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-03-17 14:13:46 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-03-19 11:37:31 +0100
commit: 65038428b2c6c5be79d3f78a6b79c0cdc3a58a41 (patch)
tree: c649c9b64ecaf1305beee75f1d5b904c558120f6 /include/net/netfilter
parent: 0c2a85edd143162b3a698f31e94bf8cdc041da87 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index af2ed70d7eed..642bc3ef81aa 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -416,6 +416,7 @@ struct nft_set_type {
  *	@policy: set parameterization (see enum nft_set_policies)
  *	@udlen: user data length
  *	@udata: user data
+ *	@expr: stateful expression
  * 	@ops: set ops
  * 	@flags: set flags
  *	@genmask: generation mask
@@ -444,6 +445,7 @@ struct nft_set {
 	u16				policy;
 	u16				udlen;
 	unsigned char			*udata;
+	struct nft_expr			*expr;
 	/* runtime data below here */
 	const struct nft_set_ops	*ops ____cacheline_aligned;
 	u16				flags:14,
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-03-17 14:13:46 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-03-19 11:37:31 +0100
commit	65038428b2c6c5be79d3f78a6b79c0cdc3a58a41 (patch)
tree	c649c9b64ecaf1305beee75f1d5b904c558120f6 /include/net/netfilter
parent	0c2a85edd143162b3a698f31e94bf8cdc041da87 (diff)