From 0bc5399d7723d9ecab5f71c30dcaea4041366446 Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Fri, 29 Sep 2017 13:54:21 +0200
Subject: src: add alternate syntax for ct saddr current syntax is: ct original saddr $address problem is that in inet, bridge etc. we lack context to figure out if this should fetch ipv6 or ipv4 from the conntrack structure. $address might not exist, rhs could e.g. be a set reference. One way to do this is to have users manually specifiy the dependeny: ct l3proto ipv4 ct original saddr $address Thats ugly, and, moreover, only needed for table families other than ip or ipv6. Pablo suggested to instead specify ip saddr, ip6 saddr: ct original ip saddr $address and let nft handle the dependency injection. This adds the required parts to the scanner and the grammar, next commit adds code to eval step to make use of this.
Signed-off-by: Florian Westphal
---
 include/ct.h | 3 ++-
 include/expression.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/ct.h b/include/ct.h
index d9a11a3f..ec5d55d8 100644
--- a/include/ct.h
+++ b/include/ct.h
@@ -24,7 +24,8 @@ struct ct_template {
 }
 extern struct expr *ct_expr_alloc(const struct location *loc,
- enum nft_ct_keys key, int8_t direction);
+ enum nft_ct_keys key, int8_t direction,
+ uint8_t nfproto);
 extern void ct_expr_update_type(struct proto_ctx *ctx, struct expr *expr);
 extern struct stmt *notrack_stmt_alloc(const struct location *loc);
diff --git a/include/expression.h b/include/expression.h
index ce6b702a..d0afaa65 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -301,6 +301,7 @@ struct expr {
 /* EXPR_CT */
 enum nft_ct_keys key;
 int8_t direction;
+ uint8_t nfproto;
 } ct;
 struct {
 /* EXPR_NUMGEN */
--
cgit v1.2.3
From 41097c80a27ab5857d29d9d831805095455c855a Mon Sep 17 00:00:00 2001
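Review bot: The new `nfproto` argument of `ct_expr_alloc()` in include/ct.h, and the matching `uint8_t nfproto` field added to the EXPR_CT member of `struct expr` in include/expression.h, are undocumented, so a reader cannot tell which values are valid or which one stands for "no family given". The commit message says this value decides whether an IPv4 or an IPv6 address is fetched from conntrack in inet/bridge tables, so a wrong or defaulted value would presumably yield a rule that matches the wrong family. I would add a comment at both places, for example `/* nfproto: NFPROTO_IPV4 or NFPROTO_IPV6 for "ct ... ip/ip6 saddr", NFPROTO_UNSPEC otherwise */`, assuming those are the intended values. The diff shown is limited to include/, so whether every existing caller of `ct_expr_alloc()` was updated cannot be checked from here.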
From: Florian Westphal
Date: Fri, 29 Sep 2017 13:54:21 +0200
Subject: src: ct: store proto base of ct key, if any ct keys can match on network and tranasport header protocol elements, such as port numbers or ip addresses. Store this base type so a followup commit can store and kill dependencies, e.g. if bsae is network header we might be able to kill an earlier expression because the dependency is implicit.
Signed-off-by: Florian Westphal
---
 include/expression.h | 1 +
 1 file changed, 1 insertion(+)
(limited to 'include')
diff --git a/include/expression.h b/include/expression.h
index d0afaa65..215cbc98 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -300,6 +300,7 @@ struct expr {
 struct {
 /* EXPR_CT */
 enum nft_ct_keys key;
+ enum proto_bases base;
 int8_t direction;
 uint8_t nfproto;
 } ct;
--
cgit v1.2.3
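Review bot: The added `enum proto_bases base` field in the EXPR_CT member of `struct expr` has no comment saying which value a ct key without a header base carries, although the subject says the base is stored only "if any". A follow-up commit is announced to kill dependencies based on this field, so an unset or stale value could presumably cause a needed protocol dependency to be dropped. The "none" value should therefore be explicit, e.g. `enum proto_bases base; /* PROTO_BASE_INVALID if the key has no header base */`, assuming that is the intended sentinel. Nothing in this hunk sets the field and the diff shown is limited to include/, so the initialisation sites are not visible here.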