author | Florian Westphal <fw@strlen.de> | 2018-07-19 23:20:20 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-07-21 10:44:34 +0200 |
commit | 6ea7579e6fe249e1775e871985be555e22d48778 (patch) | |
tree | d06387b1bbd368119492616440aca7036ef529b0 /iptables/nft-ipv4.c | |
parent | 922508e9156327ccb8e35243781cf85f5787ee40 (diff) |
nft: decode meta l4proto
Allow to show '-p tcp' in case rule was added by nft (which prefers
use of meta l4proto).
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'iptables/nft-ipv4.c')
-rw-r--r-- | iptables/nft-ipv4.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c
index 0cfe84e1..eaf861d1 100644
--- a/iptables/nft-ipv4.c
+++ b/iptables/nft-ipv4.c
@@ -172,6 +172,16 @@ static void nft_ipv4_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e,
 {
 struct iptables_command_state *cs = data;
+ switch (ctx->meta.key) {
+ case NFT_META_L4PROTO:
+ cs->fw.ip.proto = nftnl_expr_get_u8(e, NFTNL_EXPR_CMP_DATA);
+ if (nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP) == NFT_CMP_NEQ)
+ cs->fw.ip.invflags |= XT_INV_PROTO;
+ return;
+ default:
+ break;
+ }
+
 parse_meta(e, ctx->meta.key, cs->fw.ip.iniface, cs->fw.ip.iniface_mask, cs->fw.ip.outiface, cs->fw.ip.outiface_mask, &cs->fw.ip.invflags); |
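Review bot: The new `NFT_META_L4PROTO` case tests the comparison operator only against `NFT_CMP_NEQ`, so every other operator is decoded as a plain equality match. If a rule written with nft compares `meta l4proto` using a different operator (the nf_tables cmp expression also has ordering operators), the listing would show `-p <proto>` for a rule that matches something else, which matters when the output is used to audit a firewall. Consider reading the operator once, `uint32_t op = nftnl_expr_get_u32(e, NFTNL_EXPR_CMP_OP);`, and setting `cs->fw.ip.proto` only when `op` is `NFT_CMP_EQ` or `NFT_CMP_NEQ`; how an undecodable rule should be reported depends on code outside this hunk. A one-line comment above the case, such as `/* rules added by nft match the protocol via meta l4proto */`, would also explain why protocol decoding lives in the meta parser. The function's signature and closing brace are outside the hunk.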