netfilter: nf_tables: add packet duplication to the netdev family

You can use this to duplicate packets and inject them at the egress path of the specified interface. This duplication allows you to inspect traffic from the dummy or any other interface dedicated to this purpose. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso 2016-01-03 21:02:18 +0100
committer: Pablo Neira Ayuso 2016-01-03 21:04:23 +0100
commit: 502061f81d3eb4518d2e72178e494a8547788ad0 (patch)
tree: ed6697361ecf824620c428b0ad5cc221bd67351b /include/net/netfilter/nf_dup_netdev.h
parent: netfilter: nft_limit: allow to invert matching criteria (diff)
download: kernel-qcow2-linux-502061f81d3eb4518d2e72178e494a8547788ad0.tar.gz
kernel-qcow2-linux-502061f81d3eb4518d2e72178e494a8547788ad0.tar.xz
kernel-qcow2-linux-502061f81d3eb4518d2e72178e494a8547788ad0.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_dup_netdev.h b/include/net/netfilter/nf_dup_netdev.h
new file mode 100644
index 000000000000..397dcae349f9
--- /dev/null
+++ b/include/net/netfilter/nf_dup_netdev.h
@@ -0,0 +1,6 @@
+#ifndef _NF_DUP_NETDEV_H_
+#define _NF_DUP_NETDEV_H_
+
+void nf_dup_netdev_egress(const struct nft_pktinfo *pkt, int oif);
+
+#endif
author	Pablo Neira Ayuso	2016-01-03 21:02:18 +0100
committer	Pablo Neira Ayuso	2016-01-03 21:04:23 +0100
commit	502061f81d3eb4518d2e72178e494a8547788ad0 (patch)
tree	ed6697361ecf824620c428b0ad5cc221bd67351b /include/net/netfilter/nf_dup_netdev.h
parent	netfilter: nft_limit: allow to invert matching criteria (diff)
download	kernel-qcow2-linux-502061f81d3eb4518d2e72178e494a8547788ad0.tar.gz kernel-qcow2-linux-502061f81d3eb4518d2e72178e494a8547788ad0.tar.xz kernel-qcow2-linux-502061f81d3eb4518d2e72178e494a8547788ad0.zip