netfilter: nf_tables: add NFTA_RULE_ID attribute

This new attribute allows us to uniquely identify a rule in transaction. Robots may trigger an insertion followed by deletion in a batch, in that scenario we still don't have a public rule handle that we can use to delete the rule. This is similar to the NFTA_SET_ID attribute that allows us to refer to an anonymous set from a batch. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-10 12:08:23 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-02-12 14:45:13 +0100
commit: 1a94e38d254b3622d5d53f74b3b716b0fcab0ba8 (patch)
tree: 58a49f5fc667dea423a331fa5665897c574d1edb
parent: 74e8bcd21c40dbbb3d74fa904536f8a3bddafed3 (diff)
3 files changed, 31 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
author	Pablo Neira Ayuso <pablo@netfilter.org>	2017-02-10 12:08:23 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-02-12 14:45:13 +0100
commit	1a94e38d254b3622d5d53f74b3b716b0fcab0ba8 (patch)
tree	58a49f5fc667dea423a331fa5665897c574d1edb
parent	74e8bcd21c40dbbb3d74fa904536f8a3bddafed3 (diff)