authorPablo Neira Ayuso <pablo@netfilter.org>2013-06-22 19:12:24 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-06-24 14:06:09 +0200
commitda015ff415f021294aed8668ddf212acb279cd68 (patch)
treec5d181ee2720c8710c7810d0e750c9d9452b19e1 /src/netlink.c
parentaae836a7aa628af4d4d5dd97d0eefa898e8f5245 (diff)
netlink: fix network address prefix
eg. nft add rule filter output ip daddr 192.168.1.0/24 counter

So far, this operation was only possible using sets:

nft add rule filter output ip daddr \{ 192.168.1.0/24 \} counter

While at it, move all binop postprocess code to a new function that contains this transformation and the existing bitmask to constant (as used by eg. ct state new,established).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c24
1 files changed, 24 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c
index d835281c..2a7bdb56 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -228,6 +228,28 @@ static void netlink_gen_verdict(const struct expr *expr,
}
}
+static void netlink_gen_prefix(const struct expr *expr,
+ struct nft_data_linearize *data)
+{
+ uint32_t i, cidr, idx;
+ uint32_t mask;
+
+ assert(expr->ops->type == EXPR_PREFIX);
+
+ data->len = div_round_up(expr->prefix->len, BITS_PER_BYTE);
+ cidr = expr->prefix_len;
+
+ for (i = 0; i < data->len; i+= 32) {
+ if (cidr - i >= 32)
+ mask = 0;
+ else
+ mask = (1 << cidr) - 1;
+
+ idx = i / 32;
+ data->value[idx] = mask;
+ }
+}
+
void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data)
{
switch (expr->ops->type) {
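Review bot: The loop in netlink_gen_prefix mixes units: `data->len` is a byte count (`div_round_up(expr->prefix->len, BITS_PER_BYTE)`) while `i` advances by 32 and is subtracted from the bit count `cidr`, so for a 4- or 16-byte address the body runs once and only `data->value[0]` is written. If the bound is meant to be in bits, `for (i = 0; i < expr->prefix->len; i += 32)` with `mask = (1U << (cidr - i)) - 1;` would visit every word and keep the shift below 32; as written, `1 << cidr` is a signed shift that is undefined at 31 and ignores `i`. Because `cidr - i` is unsigned, words wholly inside the prefix and words wholly past it both take the `mask = 0` branch, which looks unintended, though the mask convention the consumer expects is not visible here. A wrong mask silently changes which addresses the rule matches, so a comment stating the word order and the meaning of set bits, plus a test covering /0, /24, /31, /32 and an IPv6 prefix, would help.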
@@ -237,6 +259,8 @@ void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data)
return netlink_gen_concat_data(expr, data);
case EXPR_VERDICT:
return netlink_gen_verdict(expr, data);
+ case EXPR_PREFIX:
+ return netlink_gen_prefix(expr, data);
default:
BUG("invalid data expression type %s\n", expr->ops->name);
}