diff options
-rw-r--r-- | doc/nft.xml | 10 | ||||
-rw-r--r-- | src/ct.c | 2 | ||||
-rw-r--r-- | src/parser_bison.y | 10 | ||||
-rw-r--r-- | src/scanner.l | 1 |
4 files changed, 18 insertions, 5 deletions
diff --git a/doc/nft.xml b/doc/nft.xml index ed978594..49664c42 100644 --- a/doc/nft.xml +++ b/doc/nft.xml @@ -2655,7 +2655,8 @@ ip6 filter input frag more-fragments 1 counter direction before the conntrack key, others must be used directly because they are direction agnostic. The <command>packets</command>, <command>bytes</command> and <command>avgpkt</command> keywords can be used with or without a direction. If the direction is omitted, the sum of the original and the reply - direction is returned. + direction is returned. The same is true for the <command>zone</command>, if a direction is given, the zone + is only matched if the zone id is tied to the given direction. </para> <para> <cmdsynopsis> @@ -2673,6 +2674,7 @@ ip6 filter input frag more-fragments 1 counter <arg>bytes</arg> <arg>packets</arg> <arg>avgpkt</arg> + <arg>zone</arg> </group> </cmdsynopsis> <cmdsynopsis> @@ -2691,6 +2693,7 @@ ip6 filter input frag more-fragments 1 counter <arg>bytes</arg> <arg>packets</arg> <arg>avgpkt</arg> + <arg>zone</arg> </group> </cmdsynopsis> </para> @@ -2789,6 +2792,11 @@ ip6 filter input frag more-fragments 1 counter <entry>average bytes per packet, see description for <command>packets</command> keyword</entry> <entry>integer (64 bit)</entry> </row> + <row> + <entry>zone</entry> + <entry>conntrack zone</entry> + <entry>integer (16 bit)</entry> + </row> </tbody> </tgroup> </table> @@ -234,6 +234,8 @@ static const struct ct_template ct_templates[] = { BYTEORDER_HOST_ENDIAN, 64), [NFT_CT_AVGPKT] = CT_TEMPLATE("avgpkt", &integer_type, BYTEORDER_HOST_ENDIAN, 64), + [NFT_CT_ZONE] = CT_TEMPLATE("zone", &integer_type, + BYTEORDER_HOST_ENDIAN, 16), }; static void ct_expr_print(const struct expr *expr) diff --git a/src/parser_bison.y b/src/parser_bison.y index b295bfde..80ac2bd0 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -358,6 +358,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token L3PROTOCOL "l3proto" %token PROTO_SRC "proto-src" %token PROTO_DST "proto-dst" +%token ZONE "zone" %token COUNTER "counter" %token NAME "name" @@ -614,7 +615,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type <expr> ct_expr %destructor { expr_free($$); } ct_expr -%type <val> ct_key ct_key_dir ct_key_counters +%type <val> ct_key ct_key_dir ct_key_dir_optional %type <expr> fib_expr %destructor { expr_free($$); } fib_expr @@ -2957,7 +2958,7 @@ ct_expr : CT ct_key ct_key : L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; } | PROTOCOL { $$ = NFT_CT_PROTOCOL; } | MARK { $$ = NFT_CT_MARK; } - | ct_key_counters + | ct_key_dir_optional ; ct_key_dir : SADDR { $$ = NFT_CT_SRC; } | DADDR { $$ = NFT_CT_DST; } @@ -2965,12 +2966,13 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; } | PROTOCOL { $$ = NFT_CT_PROTOCOL; } | PROTO_SRC { $$ = NFT_CT_PROTO_SRC; } | PROTO_DST { $$ = NFT_CT_PROTO_DST; } - | ct_key_counters + | ct_key_dir_optional ; -ct_key_counters : BYTES { $$ = NFT_CT_BYTES; } +ct_key_dir_optional : BYTES { $$ = NFT_CT_BYTES; } | PACKETS { $$ = NFT_CT_PKTS; } | AVGPKT { $$ = NFT_CT_AVGPKT; } + | ZONE { $$ = NFT_CT_ZONE; } ; ct_stmt : CT ct_key SET expr diff --git a/src/scanner.l b/src/scanner.l index 922d8ec8..e0ddcac1 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -461,6 +461,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "l3proto" { return L3PROTOCOL; } "proto-src" { return PROTO_SRC; } "proto-dst" { return PROTO_DST; } +"zone" { return ZONE; } "numgen" { return NUMGEN; } "inc" { return INC; } |