include: refresh nf_tables.h cached copy

Refresh it to fetch what we have in 5.3-rc1.

Remove NFT_OSF_F_VERSION definition, this is already available in
include/linux/netfilter/nf_tables.h

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index adc08935fb58d2240569808b55430c8afab598cc..82abaa183fc30623fac2edf08dbae404cbd3bb14 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -192,6 +192,7 @@ enum nft_table_attributes {
  * @NFTA_CHAIN_USE: number of references to this chain (NLA_U32)
  * @NFTA_CHAIN_TYPE: type name of the string (NLA_NUL_STRING)
  * @NFTA_CHAIN_COUNTERS: counter specification of the chain (NLA_NESTED: nft_counter_attributes)
+ * @NFTA_CHAIN_FLAGS: chain flags
  */
 enum nft_chain_attributes {
        NFTA_CHAIN_UNSPEC,
@@ -204,6 +205,7 @@ enum nft_chain_attributes {
        NFTA_CHAIN_TYPE,
        NFTA_CHAIN_COUNTERS,
        NFTA_CHAIN_PAD,
+       NFTA_CHAIN_FLAGS,
        __NFTA_CHAIN_MAX
 };
 #define NFTA_CHAIN_MAX         (__NFTA_CHAIN_MAX - 1)
@@ -730,7 +732,7 @@ enum nft_exthdr_flags {
  *
  * @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
  * @NFT_EXTHDR_OP_TCP: match against tcp options
- * @NFT_EXTHDR_OP_IPV4: match against ip options
+ * @NFT_EXTHDR_OP_IPV4: match against ipv4 options
  */
 enum nft_exthdr_op {
        NFT_EXTHDR_OP_IPV6,
@@ -795,6 +797,8 @@ enum nft_exthdr_attributes {
  * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
  * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
  * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_BRI_IIFPVID: packet input bridge port pvid
+ * @NFT_META_BRI_IIFVPROTO: packet input bridge vlan proto
  */
 enum nft_meta_keys {
        NFT_META_LEN,
@@ -825,6 +829,8 @@ enum nft_meta_keys {
        NFT_META_SECPATH,
        NFT_META_IIFKIND,
        NFT_META_OIFKIND,
+       NFT_META_BRI_IIFPVID,
+       NFT_META_BRI_IIFVPROTO,
 };
 
 /**
@@ -968,6 +974,7 @@ enum nft_socket_keys {
  * @NFT_CT_DST_IP: conntrack layer 3 protocol destination (IPv4 address)
  * @NFT_CT_SRC_IP6: conntrack layer 3 protocol source (IPv6 address)
  * @NFT_CT_DST_IP6: conntrack layer 3 protocol destination (IPv6 address)
+ * @NFT_CT_ID: conntrack id
  */
 enum nft_ct_keys {
        NFT_CT_STATE,
@@ -993,6 +1000,7 @@ enum nft_ct_keys {
        NFT_CT_DST_IP,
        NFT_CT_SRC_IP6,
        NFT_CT_DST_IP6,
+       NFT_CT_ID,
        __NFT_CT_MAX
 };
 #define NFT_CT_MAX             (__NFT_CT_MAX - 1)
@@ -1445,7 +1453,7 @@ enum nft_ct_timeout_timeout_attributes {
 };
 #define NFTA_CT_TIMEOUT_MAX    (__NFTA_CT_TIMEOUT_MAX - 1)
 
-enum nft_ct_expect_attributes {
+enum nft_ct_expectation_attributes {
        NFTA_CT_EXPECT_UNSPEC,
        NFTA_CT_EXPECT_L3PROTO,
        NFTA_CT_EXPECT_L4PROTO,
@@ -1534,18 +1542,23 @@ enum nft_flowtable_hook_attributes {
  *
  * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers)
  * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)
+ * @NFTA_OSF_FLAGS: flags (NLA_U32)
  */
 enum nft_osf_attributes {
        NFTA_OSF_UNSPEC,
        NFTA_OSF_DREG,
        NFTA_OSF_TTL,
+       NFTA_OSF_FLAGS,
        __NFTA_OSF_MAX,
 };
 #define NFTA_OSF_MAX (__NFTA_OSF_MAX - 1)
 
+enum nft_osf_flags {
+       NFT_OSF_F_VERSION = (1 << 0),
+};
+
 /**
- * enum nft_synproxy_attributes - nftables synproxy expression
- * netlink attributes
+ * enum nft_synproxy_attributes - nf_tables synproxy expression netlink attributes
  *
  * @NFTA_SYNPROXY_MSS: mss value sent to the backend (NLA_U16)
  * @NFTA_SYNPROXY_WSCALE: wscale value sent to the backend (NLA_U8)

diff --git a/include/osf.h b/include/osf.h
index 2eef257c2b5110b286985a78bd0cbf272439b4b2..8f6f5840620e21d6a2d3ccfe109e93b10ada3f10 100644 (file)
--- a/include/osf.h
+++ b/include/osf.h
@@ -1,8 +1,6 @@
 #ifndef NFTABLES_OSF_H
 #define NFTABLES_OSF_H
 
-#define NFT_OSF_F_VERSION      0x1
-
 struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl,
                            const uint32_t flags);