diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-08-22 17:26:31 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-08-27 00:38:01 +0200 |
commit | 2e27f2468ea69bd4ef15b7582e5d0ebe85c80da8 (patch) | |
tree | 22ca140eb616714782908c7843559a6981afb9b9 /src/parser.y | |
parent | facb3d65ae911418ee10ca2fd1c1ed9a9749cf3b (diff) |
src: allow to specify the base chain type
This patch allows you to specify the type of the base chain, eg.
add table mangle
add chain mangle OUTPUT { type route hook NF_INET_LOCAL_OUT 0; }
The chain type determines the semantics of the chain, we currently
have three types:
* filter, used for plain packet filtering.
* nat, it only sees the first packet of the flow.
* route, which is the equivalent of the iptables mangle table, that
triggers a re-route if there is any change in some of the packet header
fields, eg. IP TOS/DSCP, or the packet metainformation, eg. mark.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser.y')
-rw-r--r-- | src/parser.y | 14 |
1 files changed, 8 insertions, 6 deletions
diff --git a/src/parser.y b/src/parser.y index ff8de47f..f0eb8e32 100644 --- a/src/parser.y +++ b/src/parser.y @@ -766,16 +766,18 @@ map_block : /* empty */ { $$ = $<set>-1; } } ; -hook_spec : HOOK HOOKNUM NUM +hook_spec : TYPE STRING HOOK HOOKNUM NUM { - $<chain>0->hooknum = $2; - $<chain>0->priority = $3; + $<chain>0->type = $2; + $<chain>0->hooknum = $4; + $<chain>0->priority = $5; $<chain>0->flags |= CHAIN_F_BASECHAIN; } - | HOOK HOOKNUM DASH NUM + | TYPE STRING HOOK HOOKNUM DASH NUM { - $<chain>0->hooknum = $2; - $<chain>0->priority = -$4; + $<chain>0->type = $2; + $<chain>0->hooknum = $4; + $<chain>0->priority = -$6; $<chain>0->flags |= CHAIN_F_BASECHAIN; } ; |