author | Florian Westphal <fw@strlen.de> | 2017-02-21 18:11:31 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-03-16 10:09:42 +0100 |
commit | 5ca4eb30d62e0ab2768d64de5c70931292213338 (patch) | |
tree | a54d95ecbb4de9deeeee83f1353421ef690f135e /src/rule.c | |
parent | f2af2b2ad1c4dd68bd5bbf3c763f0f1513281c0c (diff) |
src: add initial ct helper support
This adds initial support for defining conntrack helper objects
which can then be assigned to connections using the objref infrastructure:
table ip filter {
ct helper ftp-standard {
type "ftp" protocol tcp
}
chain y {
tcp dport 21 ct helper set "ftp-standard"
}
}
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
-rw-r--r-- | src/rule.c | 21 |
1 files changed, 20 insertions, 1 deletions
@@ -19,6 +19,7 @@
 #include <statement.h>
 #include <rule.h>
 #include <utils.h>
+#include <netdb.h>
 #include <netlink.h>
 #include <libnftnl/common.h>
@@ -1172,6 +1173,16 @@ struct obj *obj_lookup(const struct table *table, const char *name,
 return NULL;
 }
+static void print_proto_name_proto(uint8_t l4)
+{
+ const struct protoent *p = getprotobynumber(l4);
+
+ if (p)
+ printf("%s\n", p->p_name);
+ else
+ printf("%d\n", l4);
+}
+
 static void obj_print_data(const struct obj *obj,
 struct print_fmt_options *opts)
 {
@@ -1202,6 +1213,13 @@ static void obj_print_data(const struct obj *obj,
 }
 }
 break;
+ case NFT_OBJECT_CT_HELPER: {
+ printf("ct helper %s {\n", obj->handle.obj);
+ printf("\t\ttype \"%s\" protocol ", obj->ct.helper_name);
+ print_proto_name_proto(obj->ct.l4proto);
+ printf("\t\tl3proto %s", family2str(obj->ct.l3proto));
+ break;
+ }
 default:
 printf("unknown {%s", opts->nl);
 break;
@@ -1211,11 +1229,12 @@ static void obj_print_data(const struct obj *obj,
 static const char *obj_type_name_array[] = {
 [NFT_OBJECT_COUNTER] = "counter",
 [NFT_OBJECT_QUOTA] = "quota",
+ [NFT_OBJECT_CT_HELPER] = "",
 };
 const char *obj_type_name(enum stmt_types type)
 {
- assert(type <= NFT_OBJECT_QUOTA && obj_type_name_array[type]);
+ assert(type <= NFT_OBJECT_CT_HELPER && obj_type_name_array[type]);
 return obj_type_name_array[type];
 }
|
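Review bot: print_proto_name_proto() ends both of its printf calls with a literal `\n`, while the obj_print_data() code visible in the `default:` branch takes its line ending from `opts->nl`, so the ct helper output will ignore whatever format options the caller selected; the same hard-coded `\n` and `\t\t` appear in the new `case NFT_OBJECT_CT_HELPER` block in the next hunk. I would have the helper print only the name (`printf("%s", p->p_name);` and `printf("%d", l4);`) and let the caller emit `opts->nl`. The name comes from getprotobynumber(), which consults the host's protocols database and returns a pointer to static storage, so a short comment saying that the printed name depends on the local database and that the call is not reentrant would help the next reader.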
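Review bot: In the new `case NFT_OBJECT_CT_HELPER` block, `obj->handle.obj` and `obj->ct.helper_name` are written with a plain `%s`, the helper name between double quotes, with no check that the strings are free of `"`, newlines or other control characters. Whether those fields are constrained before they reach this point is not visible here; if they are not, a listing saved to a file and loaded again could parse differently from the object it was printed from. A comment naming where the name is validated, e.g. `/* helper_name: validated in <placeholder: input path>, no quotes or control chars */`, or an explicit check before printing, would make that assumption reviewable. obj_print_data() starts and ends outside this hunk.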
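Review bot: The bound in `assert(type <= NFT_OBJECT_CT_HELPER && obj_type_name_array[type]);` names the last enumerator by hand and is the only range check before `obj_type_name_array[type]` is read, so it has to be edited for every new object type and disappears entirely in a build with NDEBUG. Deriving the limit from the table, `assert(type < sizeof(obj_type_name_array) / sizeof(obj_type_name_array[0]) && obj_type_name_array[type]);`, keeps the check in step with the array. The new `[NFT_OBJECT_CT_HELPER] = ""` entry also satisfies the non-NULL test while handing callers an empty name; a comment such as `/* ct helper prints its own keyword; empty on purpose */` would record that, if that is the intent.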