diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-18 08:43:23 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-03-05 16:30:15 +0100 |
| commit | 92911b362e9067a9a335ac1a63e15119fb69a47d (patch) | |
| tree | 74dba6877734feb8a1900b469b76bb1dffc13421 /src/rule.c | |
| parent | db0697ce7f6020b525cee072e7c0c85512daabda (diff) | |
src: add support to add flowtables
This patch allows you to create flowtable:
# nft add table x
# nft add flowtable x m { hook ingress priority 10\; devices = { eth0, wlan0 }\; }
You have to specify hook and priority. So far, only the ingress hook is
supported. The priority represents where this flowtable is placed in the
ingress hook, which is registered to the devices that the user
specifies.
You can also use the 'create' command instead to bail out in case that
there is an existing flowtable with this name.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/rule.c')
| -rw-r--r-- | src/rule.c | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -45,6 +45,8 @@ void handle_merge(struct handle *dst, const struct handle *src) dst->chain = xstrdup(src->chain); if (dst->set == NULL && src->set != NULL) dst->set = xstrdup(src->set); + if (dst->flowtable == NULL && src->flowtable != NULL) + dst->flowtable = xstrdup(src->flowtable); if (dst->obj == NULL && src->obj != NULL) dst->obj = xstrdup(src->obj); if (dst->handle.id == 0) @@ -899,6 +901,7 @@ struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj, void nft_cmd_expand(struct cmd *cmd) { struct list_head new_cmds; + struct flowtable *ft; struct table *table; struct chain *chain; struct rule *rule; @@ -938,6 +941,14 @@ void nft_cmd_expand(struct cmd *cmd) &set->location, set_get(set)); list_add_tail(&new->list, &new_cmds); } + list_for_each_entry(ft, &table->flowtables, list) { + handle_merge(&ft->handle, &table->handle); + memset(&h, 0, sizeof(h)); + handle_merge(&h, &ft->handle); + new = cmd_alloc(CMD_ADD, CMD_OBJ_FLOWTABLE, &h, + &ft->location, flowtable_get(ft)); + list_add_tail(&new->list, &new_cmds); + } list_for_each_entry(chain, &table->chains, list) { list_for_each_entry(rule, &chain->rules, list) { memset(&h, 0, sizeof(h)); @@ -1024,6 +1035,9 @@ void cmd_free(struct cmd *cmd) case CMD_OBJ_LIMIT: obj_free(cmd->object); break; + case CMD_OBJ_FLOWTABLE: + flowtable_free(cmd->flowtable); + break; default: BUG("invalid command object type %u\n", cmd->obj); } @@ -1115,6 +1129,9 @@ static int do_command_add(struct netlink_ctx *ctx, struct cmd *cmd, bool excl) case CMD_OBJ_CT_HELPER: case CMD_OBJ_LIMIT: return netlink_add_obj(ctx, &cmd->handle, cmd->object, flags); + case CMD_OBJ_FLOWTABLE: + return netlink_add_flowtable(ctx, &cmd->handle, cmd->flowtable, + flags); default: BUG("invalid command object type %u\n", cmd->obj); } |