xtables: nft: add protocol and flags for xtables over nf_tables

Add protocol and flags for the compatibility layer. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-01-25 16:04:36 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-30 23:50:23 +0100
commit: 2a87a024e1f77407e332086a4fa664e048280195 (patch)
tree: 859eb3b1229e1c386520fc2d270d0b76c9a63e01 /iptables
parent: 9e62dc8637f210cdeaed784396fecab9b6e5f043 (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/iptables/nft.c b/iptables/nft.c
index f42e4377..c3d5d610 100644
--- a/iptables/nft.c
+++ b/iptables/nft.c
@@ -800,6 +800,13 @@ static void add_addr(struct nft_rule *r, int offset,
 	add_cmp_ptr(r, op, data, len);
 }
 
+static void add_compat(struct nft_rule *r, uint32_t proto, bool inv)
+{
+	nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_PROTO, proto);
+	nft_rule_attr_set_u32(r, NFT_RULE_ATTR_COMPAT_FLAGS,
+			      inv ? NFT_RULE_COMPAT_F_INV : 0);
+}
+
 static void add_proto(struct nft_rule *r, int offset, size_t len,
 		      uint32_t proto, int invflags)
 {
@@ -813,6 +820,7 @@ static void add_proto(struct nft_rule *r, int offset, size_t len,
 		op = NFT_CMP_EQ;
 
 	add_cmp_u32(r, proto, op);
+	add_compat(r, proto, invflags & XT_INV_PROTO);
 }
 
 int
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-01-25 16:04:36 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-30 23:50:23 +0100
commit	2a87a024e1f77407e332086a4fa664e048280195 (patch)
tree	859eb3b1229e1c386520fc2d270d0b76c9a63e01 /iptables
parent	9e62dc8637f210cdeaed784396fecab9b6e5f043 (diff)