author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-11-09 03:42:55 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 19:18:43 +0200 |
commit | 30d45266bf38b209df33e4df1a116c60531ae3e5 (patch) | |
tree | af94699ae6d6a58edf84aabfff31bc82ff44e642 /src/statement.c | |
parent | 57e4a095edc4dab19e14fc8d1bca3febde1ca86c (diff) |
expr: extend fwd statement to support address and family
Allow forwarding packets to an explicit destination and interface.
nft add rule netdev x y fwd ip to 192.168.2.200 device eth0
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/src/statement.c b/src/statement.c
index 6f490132..58e86f21 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -713,15 +713,37 @@ struct stmt *dup_stmt_alloc(const struct location *loc)
 return stmt_alloc(loc, &dup_stmt_ops);
 }
+static const char * const nfproto_family_name_array[NFPROTO_NUMPROTO] = {
+ [NFPROTO_IPV4] = "ip",
+ [NFPROTO_IPV6] = "ip6",
+};
+
+static const char *nfproto_family_name(uint8_t nfproto)
+{
+ if (nfproto >= NFPROTO_NUMPROTO || !nfproto_family_name_array[nfproto])
+ return "unknown";
+
+ return nfproto_family_name_array[nfproto];
+}
+
 static void fwd_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
 {
- nft_print(octx, "fwd to ");
- expr_print(stmt->fwd.to, octx);
+ if (stmt->fwd.addr) {
+ nft_print(octx, "fwd %s to ",
+ nfproto_family_name(stmt->fwd.family));
+ expr_print(stmt->fwd.addr, octx);
+ nft_print(octx, " device ");
+ expr_print(stmt->fwd.dev, octx);
+ } else {
+ nft_print(octx, "fwd to ");
+ expr_print(stmt->fwd.dev, octx);
+ }
 }
 static void fwd_stmt_destroy(struct stmt *stmt)
 {
- expr_free(stmt->fwd.to);
+ expr_free(stmt->fwd.addr);
+ expr_free(stmt->fwd.dev);
 }
 static const struct stmt_ops fwd_stmt_ops = {
|
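Review bot: In `fwd_stmt_print`, the new `if (stmt->fwd.addr)` test treats `addr` as optional, yet both branches pass `stmt->fwd.dev` to `expr_print()` unchecked and nothing in the hunk states that `dev` is mandatory. If a statement rebuilt from kernel-supplied netlink data could ever carry an address without a device, listing the ruleset would presumably dereference NULL; the code that fills `stmt->fwd` is outside this diff, so that needs confirming there. A short comment above the function would record the invariant, e.g. `/* fwd.addr and fwd.family are set only for the "fwd <family> to <addr> device <dev>" form; fwd.dev is always non-NULL. */`. Separately, `nfproto_family_name()` falls back to `"unknown"`, which likely yields a listing the parser will not accept back, so a comment marking that fallback as display-only would help anyone who saves and restores rulesets.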