src: add stateful object reference expression

This patch adds a new objref statement to refer to existing stateful objects from rules, eg. # nft add rule filter input counter name test counter Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-27 23:34:57 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-01-03 14:21:53 +0100
commit: b139f738f558d6afb8c8f3e73526f578b059abd6 (patch)
tree: 2d1b575ee0058f988b43bb43970ab13162a87da0 /src/evaluate.c
parent: 0eaedf58acad4214dd827515c56b9da26ab9e9e3 (diff)
1 files changed, 16 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index cedf259f..b868f1bc 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2464,6 +2464,20 @@ static int stmt_evaluate_set(struct eval_ctx *ctx, struct stmt *stmt)
 	return 0;
 }
 
+static int stmt_evaluate_objref(struct eval_ctx *ctx, struct stmt *stmt)
+{
+	if (stmt_evaluate_arg(ctx, stmt,
+			      &string_type, NFT_OBJ_MAXNAMELEN * BITS_PER_BYTE,
+			      &stmt->objref.expr) < 0)
+		return -1;
+
+	if (!expr_is_constant(stmt->objref.expr))
+		return expr_error(ctx->msgs, stmt->objref.expr,
+				  "Counter expression must be constant");
+
+	return 0;
+}
+
 int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt)
 {
 #ifdef DEBUG
@@ -2511,6 +2525,8 @@ int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt)
 		return stmt_evaluate_fwd(ctx, stmt);
 	case STMT_SET:
 		return stmt_evaluate_set(ctx, stmt);
+	case STMT_OBJREF:
+		return stmt_evaluate_objref(ctx, stmt);
 	default:
 		BUG("unknown statement type %s\n", stmt->ops->name);
 	}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-27 23:34:57 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-01-03 14:21:53 +0100
commit	b139f738f558d6afb8c8f3e73526f578b059abd6 (patch)
tree	2d1b575ee0058f988b43bb43970ab13162a87da0 /src/evaluate.c
parent	0eaedf58acad4214dd827515c56b9da26ab9e9e3 (diff)