author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-11-09 03:42:55 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 19:18:43 +0200 |
commit | 30d45266bf38b209df33e4df1a116c60531ae3e5 (patch) | |
tree | af94699ae6d6a58edf84aabfff31bc82ff44e642 /src/evaluate.c | |
parent | 57e4a095edc4dab19e14fc8d1bca3febde1ca86c (diff) |
expr: extend fwd statement to support address and family
Allow forwarding packets to an explicit destination and interface.
nft add rule netdev x y fwd ip to 192.168.2.200 device eth0
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 27 |
1 files changed, 24 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 039e02db..ba218ecb 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2512,19 +2512,40 @@ static int stmt_evaluate_dup(struct eval_ctx *ctx, struct stmt *stmt)
 static int stmt_evaluate_fwd(struct eval_ctx *ctx, struct stmt *stmt)
 {
- int err;
+ const struct datatype *dtype;
+ int err, len;
 switch (ctx->pctx.family) {
 case NFPROTO_NETDEV:
- if (stmt->fwd.to == NULL)
+ if (stmt->fwd.dev == NULL)
 return stmt_error(ctx, stmt, "missing destination interface");
 err = stmt_evaluate_arg(ctx, stmt, &ifindex_type, sizeof(uint32_t) * BITS_PER_BYTE,
- BYTEORDER_HOST_ENDIAN, &stmt->fwd.to);
+ BYTEORDER_HOST_ENDIAN, &stmt->fwd.dev);
 if (err < 0)
 return err;
+
+ if (stmt->fwd.addr != NULL) {
+ switch (stmt->fwd.family) {
+ case NFPROTO_IPV4:
+ dtype = &ipaddr_type;
+ len = 4 * BITS_PER_BYTE;
+ break;
+ case NFPROTO_IPV6:
+ dtype = &ip6addr_type;
+ len = 16 * BITS_PER_BYTE;
+ break;
+ default:
+ return stmt_error(ctx, stmt, "missing family");
+ }
+ err = stmt_evaluate_arg(ctx, stmt, dtype, len,
+ BYTEORDER_BIG_ENDIAN,
+ &stmt->fwd.addr);
+ if (err < 0)
+ return err;
+ }
 break;
 default:
 return stmt_error(ctx, stmt, "unsupported family"); |
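Review bot: The inner `default:` arm under `switch (stmt->fwd.family)` answers every value other than NFPROTO_IPV4 and NFPROTO_IPV6 with "missing family", so a family that is present but not supported gets a misleading diagnostic; a message such as `"missing or unsupported address family"` would cover both cases. The opposite combination, `stmt->fwd.family` set while `stmt->fwd.addr` is NULL, passes this function without any check; if the parser does not already exclude it, rejecting it here with `stmt_error()` would keep a half-specified destination from passing evaluation. The lengths `4 * BITS_PER_BYTE` and `16 * BITS_PER_BYTE` are bare numbers next to the `sizeof(uint32_t) * BITS_PER_BYTE` used for the interface index, so a short comment such as `/* IPv4 address: 4 bytes */` and `/* IPv6 address: 16 bytes */` on those lines would make the intent explicit. stmt_evaluate_fwd continues past the end of the hunk.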