author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-11-09 03:42:55 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 19:18:43 +0200 |
commit | 30d45266bf38b209df33e4df1a116c60531ae3e5 (patch) | |
tree | af94699ae6d6a58edf84aabfff31bc82ff44e642 /include | |
parent | 57e4a095edc4dab19e14fc8d1bca3febde1ca86c (diff) |
expr: extend fwd statement to support address and family
Allow to forward packets through to explicit destination and interface.
nft add rule netdev x y fwd ip to 192.168.2.200 device eth0
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 4 | ||||
-rw-r--r-- | include/statement.h | 4 |
2 files changed, 7 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 40d43271..f46239ec 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -1253,10 +1253,14 @@ enum nft_dup_attributes {
 * enum nft_fwd_attributes - nf_tables fwd expression netlink attributes
 *
 * @NFTA_FWD_SREG_DEV: source register of output interface (NLA_U32: nft_register)
+ * @NFTA_FWD_SREG_ADDR: source register of destination address (NLA_U32: nft_register)
+ * @NFTA_FWD_NFPROTO: layer 3 family of source register address (NLA_U32: enum nfproto)
 */
 enum nft_fwd_attributes {
 NFTA_FWD_UNSPEC,
 NFTA_FWD_SREG_DEV,
+ NFTA_FWD_SREG_ADDR,
+ NFTA_FWD_NFPROTO,
 __NFTA_FWD_MAX
 };
 #define NFTA_FWD_MAX (__NFTA_FWD_MAX - 1)
diff --git a/include/statement.h b/include/statement.h
index d4bcaf3a..5a907aa4 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -164,7 +164,9 @@ struct stmt *dup_stmt_alloc(const struct location *loc);
 uint32_t dup_stmt_type(const char *type);
 struct fwd_stmt {
- struct expr *to;
+ uint8_t family;
+ struct expr *addr;
+ struct expr *dev;
 };
 struct stmt *fwd_stmt_alloc(const struct location *loc); |
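Review bot: `struct fwd_stmt` in include/statement.h now holds a family and two expression pointers, but nothing in the struct says which fields are optional or when `family` is meaningful. The old form had only `to`, so presumably `addr` stays NULL for device-only forwarding; the code that evaluates, prints and frees the statement (outside this include-only diff) would then need a NULL check on `addr` and must release both expressions. I would add field comments such as `/* NFPROTO_* of addr; only meaningful when addr is set */` on `family` and `/* optional destination address; NULL when only a device is given */` on `addr`. Separately, `family` is `uint8_t` while NFTA_FWD_NFPROTO is documented in the other hunk as NLA_U32, so the conversion to and from the netlink attribute deserves an explicit check against the supported layer 3 families rather than a silent truncation.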