author | Arturo Borrero <arturo.borrero.glez@gmail.com> | 2014-11-03 21:20:11 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2014-11-04 14:38:04 +0100 |
commit | a7469ab47400bf4add8269a2908965e82ceefc48 (patch) | |
tree | 649d8911984c4a200dc1f61247b518e2d019a78f /src/netlink_linearize.c | |
parent | 8f4c613c9c1aa0ea6b565bbd1c5332317a3e7fdc (diff) |
src: add redirect support
This patch adds redirect support for nft.
The syntax is:
% nft add rule nat prerouting redirect [port] [nat_flags]
Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 62155cc3..de338cb7 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -701,6 +701,53 @@ static void netlink_gen_masq_stmt(struct netlink_linearize_ctx *ctx,
 nft_rule_add_expr(ctx->nlr, nle);
 }

+static void netlink_gen_redir_stmt(struct netlink_linearize_ctx *ctx,
+ const struct stmt *stmt)
+{
+ struct nft_rule_expr *nle;
+ enum nft_registers pmin_reg, pmax_reg;
+ int registers = 0;
+
+ nle = alloc_nft_expr("redir");
+
+ if (stmt->redir.flags != 0)
+ nft_rule_expr_set_u32(nle, NFT_EXPR_REDIR_FLAGS,
+ stmt->redir.flags);
+
+ if (stmt->redir.proto) {
+ pmin_reg = get_register(ctx);
+ registers++;
+
+ if (stmt->redir.proto->ops->type == EXPR_RANGE) {
+ pmax_reg = get_register(ctx);
+ registers++;
+
+ netlink_gen_expr(ctx, stmt->redir.proto->left,
+ pmin_reg);
+ netlink_gen_expr(ctx, stmt->redir.proto->right,
+ pmax_reg);
+ nft_rule_expr_set_u32(nle,
+ NFT_EXPR_REDIR_REG_PROTO_MIN,
+ pmin_reg);
+ nft_rule_expr_set_u32(nle,
+ NFT_EXPR_REDIR_REG_PROTO_MAX,
+ pmax_reg);
+ } else {
+ netlink_gen_expr(ctx, stmt->redir.proto, pmin_reg);
+ nft_rule_expr_set_u32(nle,
+ NFT_EXPR_REDIR_REG_PROTO_MIN,
+ pmin_reg);
+ }
+ }
+
+ while (registers > 0) {
+ release_register(ctx);
+ registers--;
+ }
+
+ nft_rule_add_expr(ctx->nlr, nle);
+}
+
 static void netlink_gen_queue_stmt(struct netlink_linearize_ctx *ctx,
 const struct stmt *stmt)
 {
@@ -767,6 +814,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx,
 return netlink_gen_nat_stmt(ctx, stmt);
 case STMT_MASQ:
 return netlink_gen_masq_stmt(ctx, stmt);
+ case STMT_REDIR:
+ return netlink_gen_redir_stmt(ctx, stmt);
 case STMT_QUEUE:
 return netlink_gen_queue_stmt(ctx, stmt);
 case STMT_CT: |
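Review bot: The `nft_rule_expr_set_u32(nle, NFT_EXPR_REDIR_REG_PROTO_MIN, pmin_reg);` call in netlink_gen_redir_stmt is written out in both the EXPR_RANGE branch and the else branch; it could be issued once after the if/else, leaving only the expression generation and the `NFT_EXPR_REDIR_REG_PROTO_MAX` set inside the branches. The function also carries no comment, and the register accounting is the part a reader has to reconstruct, so a line such as `/* the port (or port range) reaches the kernel through registers; release them only after both sides are generated */` above the `if (stmt->redir.proto)` block would help. Whether `stmt->redir.flags` and the port expression are validated before they get here is not visible in this hunk; presumably that happens in the evaluation step, which is worth confirming since both values are passed to the kernel as given.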