authorPablo Neira Ayuso <pablo@netfilter.org>2017-11-09 03:42:55 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-06-06 19:18:43 +0200
commit30d45266bf38b209df33e4df1a116c60531ae3e5 (patch)
treeaf94699ae6d6a58edf84aabfff31bc82ff44e642 /src/evaluate.c
parent57e4a095edc4dab19e14fc8d1bca3febde1ca86c (diff)
expr: extend fwd statement to support address and family
Allow forwarding packets to an explicit destination address and interface. nft add rule netdev x y fwd ip to 192.168.2.200 device eth0 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r--src/evaluate.c27
1 files changed, 24 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 039e02db..ba218ecb 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2512,19 +2512,40 @@ static int stmt_evaluate_dup(struct eval_ctx *ctx, struct stmt *stmt)
static int stmt_evaluate_fwd(struct eval_ctx *ctx, struct stmt *stmt)
{
- int err;
+ const struct datatype *dtype;
+ int err, len;
switch (ctx->pctx.family) {
case NFPROTO_NETDEV:
- if (stmt->fwd.to == NULL)
+ if (stmt->fwd.dev == NULL)
return stmt_error(ctx, stmt,
"missing destination interface");
err = stmt_evaluate_arg(ctx, stmt, &ifindex_type,
sizeof(uint32_t) * BITS_PER_BYTE,
- BYTEORDER_HOST_ENDIAN, &stmt->fwd.to);
+ BYTEORDER_HOST_ENDIAN, &stmt->fwd.dev);
if (err < 0)
return err;
+
+ if (stmt->fwd.addr != NULL) {
+ switch (stmt->fwd.family) {
+ case NFPROTO_IPV4:
+ dtype = &ipaddr_type;
+ len = 4 * BITS_PER_BYTE;
+ break;
+ case NFPROTO_IPV6:
+ dtype = &ip6addr_type;
+ len = 16 * BITS_PER_BYTE;
+ break;
+ default:
+ return stmt_error(ctx, stmt, "missing family");
+ }
+ err = stmt_evaluate_arg(ctx, stmt, dtype, len,
+ BYTEORDER_BIG_ENDIAN,
+ &stmt->fwd.addr);
+ if (err < 0)
+ return err;
+ }
break;
default:
return stmt_error(ctx, stmt, "unsupported family");
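Review bot: The inner `default:` branch of `switch (stmt->fwd.family)` reports "missing family" for every value other than NFPROTO_IPV4 and NFPROTO_IPV6, so an unexpected family gets a misleading diagnostic; `return stmt_error(ctx, stmt, "unsupported address family");` would cover both cases. The opposite combination is not checked either: when `stmt->fwd.addr` is NULL the family is never inspected, so a statement carrying a family without an address would pass evaluation as a plain device forward, though whether the parser can produce that is not visible here. Because this function decides where a netdev rule sends traffic, rejecting inconsistent input at evaluation time is preferable to accepting it silently. The literal lengths `4 * BITS_PER_BYTE` and `16 * BITS_PER_BYTE` would benefit from a short comment naming them as the IPv4 and IPv6 address sizes, in line with the `sizeof(uint32_t) * BITS_PER_BYTE` form used for the interface index just above. The body of stmt_evaluate_fwd continues past the end of the hunk.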