diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-19 12:49:53 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-01-31 22:32:18 +0100 |
commit | 8a236ef68cd43af81fac10c5b58658514273a14e (patch) | |
tree | 5968a7a58ae55623a73154bb25843d6e365c2ac2 /src/evaluate.c | |
parent | 55e7822dbe8c70d067b63ea8518359639386e7c6 (diff) |
src: add dup statement for netdev
This patch contains the missing chunk to add support for the netdev
family. Part of the support slipped through in the original patch to
add the dup statement for IPv4 and IPv6.
# nft add table netdev filter
# nft add chain netdev filter ingress { type filter hook ingress device eth0 priority 0\; }
# nft add rule netdev filter ingress dup to dummy0
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 15 |
1 files changed, 15 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 6277f14e..ce132e3c 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1864,6 +1864,21 @@ static int stmt_evaluate_dup(struct eval_ctx *ctx, struct stmt *stmt) return err; } break; + case NFPROTO_NETDEV: + if (stmt->dup.to == NULL) + return stmt_error(ctx, stmt, + "missing destination interface"); + if (stmt->dup.dev != NULL) + return stmt_error(ctx, stmt, "cannot specify device"); + + err = stmt_evaluate_arg(ctx, stmt, &ifindex_type, + sizeof(uint32_t) * BITS_PER_BYTE, + &stmt->dup.to); + if (err < 0) + return err; + break; + default: + return stmt_error(ctx, stmt, "unsupported family"); } return 0; } |