From 69510465b4f255b91bc79c451ece1b07c40113d8 Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 8 Jan 2014 18:00:19 +0000 Subject: libnftables: add support for inet family and mete nfproto/l4proto expressions Signed-off-by: Patrick McHardy --- src/chain.c | 1 + src/expr/meta.c | 4 +++- src/utils.c | 4 ++++ 3 files changed, 8 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/chain.c b/src/chain.c index a0004b5..b1a692a 100644 --- a/src/chain.c +++ b/src/chain.c @@ -50,6 +50,7 @@ static const char *nft_hooknum2str(int family, int hooknum) switch (family) { case NFPROTO_IPV4: case NFPROTO_IPV6: + case NFPROTO_INET: case NFPROTO_BRIDGE: switch (hooknum) { case NF_INET_PRE_ROUTING: diff --git a/src/expr/meta.c b/src/expr/meta.c index 6899d69..490d64a 100644 --- a/src/expr/meta.c +++ b/src/expr/meta.c @@ -23,7 +23,7 @@ #include "expr_ops.h" #ifndef NFT_META_MAX -#define NFT_META_MAX (NFT_META_SECMARK + 1) +#define NFT_META_MAX (NFT_META_L4PROTO + 1) #endif struct nft_expr_meta { @@ -139,6 +139,8 @@ nft_rule_expr_meta_parse(struct nft_rule_expr *e, struct nlattr *attr) const char *meta_key2str_array[NFT_META_MAX] = { [NFT_META_LEN] = "len", [NFT_META_PROTOCOL] = "protocol", + [NFT_META_NFPROTO] = "nfproto", + [NFT_META_L4PROTO] = "l4proto", [NFT_META_PRIORITY] = "priority", [NFT_META_MARK] = "mark", [NFT_META_IIF] = "iif", diff --git a/src/utils.c b/src/utils.c index 2415917..6fd8e03 100644 --- a/src/utils.c +++ b/src/utils.c @@ -27,6 +27,8 @@ const char *nft_family2str(uint32_t family) return "ip"; case AF_INET6: return "ip6"; + case 1: + return "inet"; case AF_BRIDGE: return "bridge"; case 3: /* NFPROTO_ARP */ @@ -42,6 +44,8 @@ int nft_str2family(const char *family) return AF_INET; else if (strcmp(family, "ip6") == 0) return AF_INET6; + else if (strcmp(family, "inet") == 0) + return 1; else if (strcmp(family, "bridge") == 0) return AF_BRIDGE; else if (strcmp(family, "arp") == 0) -- cgit v1.2.3