authorPablo Neira Ayuso <pablo@netfilter.org>2017-11-09 03:42:55 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2018-06-06 19:18:43 +0200
commit30d45266bf38b209df33e4df1a116c60531ae3e5 (patch)
treeaf94699ae6d6a58edf84aabfff31bc82ff44e642 /src/statement.c
parent57e4a095edc4dab19e14fc8d1bca3febde1ca86c (diff)
expr: extend fwd statement to support address and family
Allow packets to be forwarded to an explicit destination and interface.

  nft add rule netdev x y fwd ip to 192.168.2.200 device eth0

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r--src/statement.c28
1 files changed, 25 insertions, 3 deletions
diff --git a/src/statement.c b/src/statement.c
index 6f490132..58e86f21 100644
--- a/src/statement.c
+++ b/src/statement.c
@@ -713,15 +713,37 @@ struct stmt *dup_stmt_alloc(const struct location *loc)
return stmt_alloc(loc, &dup_stmt_ops);
}
+static const char * const nfproto_family_name_array[NFPROTO_NUMPROTO] = {
+ [NFPROTO_IPV4] = "ip",
+ [NFPROTO_IPV6] = "ip6",
+};
+
+static const char *nfproto_family_name(uint8_t nfproto)
+{
+ if (nfproto >= NFPROTO_NUMPROTO || !nfproto_family_name_array[nfproto])
+ return "unknown";
+
+ return nfproto_family_name_array[nfproto];
+}
+
static void fwd_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
{
- nft_print(octx, "fwd to ");
- expr_print(stmt->fwd.to, octx);
+ if (stmt->fwd.addr) {
+ nft_print(octx, "fwd %s to ",
+ nfproto_family_name(stmt->fwd.family));
+ expr_print(stmt->fwd.addr, octx);
+ nft_print(octx, " device ");
+ expr_print(stmt->fwd.dev, octx);
+ } else {
+ nft_print(octx, "fwd to ");
+ expr_print(stmt->fwd.dev, octx);
+ }
}
static void fwd_stmt_destroy(struct stmt *stmt)
{
- expr_free(stmt->fwd.to);
+ expr_free(stmt->fwd.addr);
+ expr_free(stmt->fwd.dev);
}
static const struct stmt_ops fwd_stmt_ops = {
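Review bot: In `fwd_stmt_print`, any `stmt->fwd.family` other than NFPROTO_IPV4 or NFPROTO_IPV6 is printed as `fwd unknown to …`, which, going by the syntax shown in the commit message, is probably not accepted back by the parser, so a listed ruleset containing such a statement could fail to reload. If the family can be set from anywhere other than the parser (not visible in this hunk), it should be validated before the statement is built, and the fallback documented above `nfproto_family_name`, e.g. `/* "unknown" is for display only; fwd.family must be validated before a rule is listed for reload */`. The range check before indexing `nfproto_family_name_array` should stay as it is, since the index is a raw `uint8_t` and the table has only two populated slots. Separately, `fwd_stmt_destroy` now passes `stmt->fwd.addr` to `expr_free` even for the device-only form, where the print path treats it as NULL; that relies on `expr_free` tolerating NULL, which is not shown here and deserves a one-line comment such as `/* addr is NULL for plain "fwd to <dev>" */`.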