include: refresh linux/netfilter/nf_tables.h

Get us in sync with kernel tree header file.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 6c0c9efddad6e548433e21b98e61c985e75ebb86..05215d30fe5c9853b7871e799ccdce4878a04ef1 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -207,6 +207,7 @@ enum nft_chain_attributes {
  * @NFTA_RULE_COMPAT: compatibility specifications of the rule (NLA_NESTED: nft_rule_compat_attributes)
  * @NFTA_RULE_POSITION: numeric handle of the previous rule (NLA_U64)
  * @NFTA_RULE_USERDATA: user data (NLA_BINARY, NFT_USERDATA_MAXLEN)
+ * @NFTA_RULE_ID: uniquely identifies a rule in a transaction (NLA_U32)
  */
 enum nft_rule_attributes {
        NFTA_RULE_UNSPEC,
@@ -218,6 +219,7 @@ enum nft_rule_attributes {
        NFTA_RULE_POSITION,
        NFTA_RULE_USERDATA,
        NFTA_RULE_PAD,
+       NFTA_RULE_ID,
        __NFTA_RULE_MAX
 };
 #define NFTA_RULE_MAX          (__NFTA_RULE_MAX - 1)
@@ -235,7 +237,7 @@ enum nft_rule_compat_flags {
 /**
  * enum nft_rule_compat_attributes - nf_tables rule compat attributes
  *
- * @NFTA_RULE_COMPAT_PROTO: numerice value of handled protocol (NLA_U32)
+ * @NFTA_RULE_COMPAT_PROTO: numeric value of handled protocol (NLA_U32)
  * @NFTA_RULE_COMPAT_FLAGS: bitmask of enum nft_rule_compat_flags (NLA_U32)
  */
 enum nft_rule_compat_attributes {
@@ -499,7 +501,7 @@ enum nft_bitwise_attributes {
  * enum nft_byteorder_ops - nf_tables byteorder operators
  *
  * @NFT_BYTEORDER_NTOH: network to host operator
- * @NFT_BYTEORDER_HTON: host to network opertaor
+ * @NFT_BYTEORDER_HTON: host to network operator
  */
 enum nft_byteorder_ops {
        NFT_BYTEORDER_NTOH,
@@ -704,6 +706,23 @@ enum nft_payload_attributes {
 };
 #define NFTA_PAYLOAD_MAX       (__NFTA_PAYLOAD_MAX - 1)
 
+enum nft_exthdr_flags {
+       NFT_EXTHDR_F_PRESENT = (1 << 0),
+};
+
+/**
+ * enum nft_exthdr_op - nf_tables match options
+ *
+ * @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
+ * @NFT_EXTHDR_OP_TCP: match against tcp options
+ */
+enum nft_exthdr_op {
+       NFT_EXTHDR_OP_IPV6,
+       NFT_EXTHDR_OP_TCPOPT,
+       __NFT_EXTHDR_OP_MAX
+};
+#define NFT_EXTHDR_OP_MAX      (__NFT_EXTHDR_OP_MAX - 1)
+
 /**
  * enum nft_exthdr_attributes - nf_tables extension header expression netlink attributes
  *
@@ -711,6 +730,7 @@ enum nft_payload_attributes {
  * @NFTA_EXTHDR_TYPE: extension header type (NLA_U8)
  * @NFTA_EXTHDR_OFFSET: extension header offset (NLA_U32)
  * @NFTA_EXTHDR_LEN: extension header length (NLA_U32)
+ * @NFTA_EXTHDR_FLAGS: extension header flags (NLA_U32)
  * @NFTA_EXTHDR_OP: option match type (NLA_U8)
  */
 enum nft_exthdr_attributes {
@@ -719,24 +739,12 @@ enum nft_exthdr_attributes {
        NFTA_EXTHDR_TYPE,
        NFTA_EXTHDR_OFFSET,
        NFTA_EXTHDR_LEN,
+       NFTA_EXTHDR_FLAGS,
        NFTA_EXTHDR_OP,
        __NFTA_EXTHDR_MAX
 };
 #define NFTA_EXTHDR_MAX                (__NFTA_EXTHDR_MAX - 1)
 
-/**
- * enum nft_exthdr_op - nf_tables match options
- *
- * @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
- * @NFT_EXTHDR_OP_TCP: match against tcp options
- */
-enum nft_exthdr_op {
-       NFT_EXTHDR_OP_IPV6,
-       NFT_EXTHDR_OP_TCPOPT,
-       __NFT_EXTHDR_OP_MAX
-};
-#define NFT_EXTHDR_OP_MAX      (__NFT_EXTHDR_OP_MAX - 1)
-
 /**
  * enum nft_meta_keys - nf_tables meta expression keys
  *
@@ -879,6 +887,7 @@ enum nft_rt_attributes {
  * @NFT_CT_PKTS: conntrack packets
  * @NFT_CT_BYTES: conntrack bytes
  * @NFT_CT_AVGPKT: conntrack average bytes per packet
+ * @NFT_CT_ZONE: conntrack zone
  */
 enum nft_ct_keys {
        NFT_CT_STATE,
@@ -898,6 +907,7 @@ enum nft_ct_keys {
        NFT_CT_PKTS,
        NFT_CT_BYTES,
        NFT_CT_AVGPKT,
+       NFT_CT_ZONE,
 };
 
 /**