author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-26 20:23:07 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-28 23:08:20 +0100 |
commit | 35f9338e6ae0169b9a8fd665d4f02608224010c5 (patch) | |
tree | efed8635d49e5180e155827c6221c52b6b801ed9 /src/netlink_delinearize.c | |
parent | a54d7b05fb241dae62039d2c200e9a18941cf250 (diff) |
netlink: add support to set meta keys
Arturo Borrero added kernel support to set meta keys in
http://patchwork.ozlabs.org/patch/305281/ and the corresponding
library support in http://patchwork.ozlabs.org/patch/305283/.
This patch enhances nft to use this new kernel feature. The
following example shows how to set the packet mark.
% nft add rule ip filter input meta mark set 22
% nft list table filter
table ip filter {
chain input {
type filter hook input priority 0;
meta mark set 0x00000016
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r-- | src/netlink_delinearize.c | 37 |
1 files changed, 34 insertions, 3 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 7e4e38c4..d1d35f85 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -325,9 +325,9 @@ static void netlink_parse_exthdr(struct netlink_parse_ctx *ctx,
 expr);
 }
 
-static void netlink_parse_meta(struct netlink_parse_ctx *ctx,
- const struct location *loc,
- const struct nft_rule_expr *nle)
+static void netlink_parse_meta_dreg(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
 {
 struct expr *expr;
 
@@ -338,6 +338,33 @@ static void netlink_parse_meta(struct netlink_parse_ctx *ctx,
 expr);
 }
 
+static void netlink_parse_meta_sreg(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
+{
+ struct stmt *stmt;
+ struct expr *expr;
+
+ expr = netlink_get_register(ctx, loc,
+ nft_rule_expr_get_u8(nle, NFT_EXPR_META_SREG));
+ stmt = meta_stmt_alloc(loc,
+ nft_rule_expr_get_u8(nle, NFT_EXPR_META_KEY),
+ expr);
+ expr_set_type(expr, stmt->meta.tmpl->dtype, stmt->meta.tmpl->byteorder);
+
+ list_add_tail(&stmt->list, &ctx->rule->stmts);
+}
+
+static void netlink_parse_meta(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
+{
+ if (nft_rule_expr_is_set(nle, NFT_EXPR_META_DREG))
+ netlink_parse_meta_dreg(ctx, loc, nle);
+ else
+ netlink_parse_meta_sreg(ctx, loc, nle);
+}
+
 static void netlink_parse_ct(struct netlink_parse_ctx *ctx,
 const struct location *loc,
 const struct nft_rule_expr *nle)
@@ -786,6 +813,10 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r
 case STMT_EXPRESSION:
 expr_postprocess(&rctx, stmt, &stmt->expr);
 break;
+ case STMT_META:
+ if (stmt->meta.expr != NULL)
+ expr_postprocess(&rctx, stmt, &stmt->meta.expr);
+ break;
 case STMT_NAT:
 if (stmt->nat.addr != NULL)
 expr_postprocess(&rctx, stmt, &stmt->nat.addr); |
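Review bot: In the new netlink_parse_meta_sreg, the value returned by netlink_get_register() goes straight into meta_stmt_alloc() and expr_set_type() with no NULL check, even though the STMT_META case added in the last hunk guards `stmt->meta.expr != NULL`, which suggests an empty expression is considered possible. The rule being parsed is data read back from the kernel over netlink, so a source register that was never loaded should end in a parse error rather than a NULL dereference in the listing path. Assuming the helper can return NULL (its definition is outside this diff), add `if (expr == NULL) { netlink_error(ctx, loc, "meta statement has no expression"); return; }` before the meta_stmt_alloc() call. Separately, the netlink_parse_meta dispatcher treats every expression without NFT_EXPR_META_DREG as a set statement; testing `nft_rule_expr_is_set(nle, NFT_EXPR_META_SREG)` before taking that branch would keep an expression that carries neither attribute from being parsed from an unset field.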