author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-14 22:19:07 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-14 22:19:12 +0100 |
commit | a84921d7c0de950632ab4630dd4f7ad763e9e453 (patch) | |
tree | a2077597cf08c04df2066d1b21d60874f94d36c7 /src/netlink_linearize.c | |
parent | 75bbb065740e184a8d910db014fdb8949cc5f18e (diff) |
src: add notrack support
This patch adds the notrack statement, to skip connection tracking for
certain packets.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 6c0f39bf..2bee6844 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1095,6 +1095,15 @@ static void netlink_gen_ct_stmt(struct netlink_linearize_ctx *ctx,
 nftnl_rule_add_expr(ctx->nlr, nle);
 }
 
+static void netlink_gen_notrack_stmt(struct netlink_linearize_ctx *ctx,
+ const struct stmt *stmt)
+{
+ struct nftnl_expr *nle;
+
+ nle = alloc_nft_expr("notrack");
+ nftnl_rule_add_expr(ctx->nlr, nle);
+}
+
 static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
 const struct stmt *stmt)
 {
@@ -1190,6 +1199,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
 nle = netlink_gen_stmt_stateful(ctx, stmt);
 nftnl_rule_add_expr(ctx->nlr, nle);
 break;
+ case STMT_NOTRACK:
+ return netlink_gen_notrack_stmt(ctx, stmt);
 default:
 BUG("unknown statement type %s\n", stmt->ops->name);
 } |
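Review bot: netlink_gen_notrack_stmt() never reads its `stmt` argument and sets no attributes on the expression, and nothing in the hunk says that this is intended. A short comment above the function would settle it, e.g. `/* notrack takes no attributes; stmt is unused and kept for signature parity with the other generators. */`. Because the statement exempts matching packets from connection tracking, the comment (or the user documentation, which is not visible here) should also note that later rules matching on ct state will not see those packets as tracked, so rule sets that rely on stateful filtering need an explicit rule for them.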
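Review bot: The new `case STMT_NOTRACK:` returns the value of a `void` call from netlink_gen_stmt(), which the hunk header shows is itself `static void`; ISO C does not allow `return` with an expression in a void function, and GCC accepts it only as an extension (it warns under `-pedantic`). Writing the case as `netlink_gen_notrack_stmt(ctx, stmt);` followed by `break;` matches the `break;` in the case just above and keeps any code after the switch reachable for this statement type. The rest of netlink_gen_stmt() lies outside the hunk, so whether other cases already use the `return` form cannot be checked from here.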