diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-27 23:34:57 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-03 14:21:53 +0100 |
commit | b139f738f558d6afb8c8f3e73526f578b059abd6 (patch) | |
tree | 2d1b575ee0058f988b43bb43970ab13162a87da0 /src/netlink_linearize.c | |
parent | 0eaedf58acad4214dd827515c56b9da26ab9e9e3 (diff) |
src: add stateful object reference expression
This patch adds a new objref statement to refer to existing stateful
objects from rules, eg.
# nft add rule filter input counter name test counter
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 144068d2..c9488b32 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -689,6 +689,20 @@ static void netlink_gen_expr(struct netlink_linearize_ctx *ctx, } } +static void netlink_gen_objref_stmt(struct netlink_linearize_ctx *ctx, + const struct stmt *stmt) +{ + struct nft_data_linearize nld; + struct nftnl_expr *nle; + + nle = alloc_nft_expr("objref"); + netlink_gen_data(stmt->objref.expr, &nld); + nftnl_expr_set(nle, NFTNL_EXPR_OBJREF_IMM_NAME, nld.value, nld.len); + nftnl_expr_set_u32(nle, NFTNL_EXPR_OBJREF_IMM_TYPE, stmt->objref.type); + + nftnl_rule_add_expr(ctx->nlr, nle); +} + static struct nftnl_expr * netlink_gen_counter_stmt(struct netlink_linearize_ctx *ctx, const struct stmt *stmt) @@ -1225,6 +1239,8 @@ static void netlink_gen_stmt(struct netlink_linearize_ctx *ctx, break; case STMT_NOTRACK: return netlink_gen_notrack_stmt(ctx, stmt); + case STMT_OBJREF: + return netlink_gen_objref_stmt(ctx, stmt); default: BUG("unknown statement type %s\n", stmt->ops->name); } |