src: add notrack support

This patch adds the notrack statement, to skip connection tracking for certain packets. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-14 22:19:07 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-14 22:19:12 +0100
commit: a84921d7c0de950632ab4630dd4f7ad763e9e453 (patch)
tree: a2077597cf08c04df2066d1b21d60874f94d36c7 /src/netlink_delinearize.c
parent: 75bbb065740e184a8d910db014fdb8949cc5f18e (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 434089b7..66d38caa 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -635,6 +635,13 @@ static void netlink_parse_numgen(struct netlink_parse_ctx *ctx,
 	netlink_set_register(ctx, dreg, expr);
 }
 
+static void netlink_parse_notrack(struct netlink_parse_ctx *ctx,
+				  const struct location *loc,
+				  const struct nftnl_expr *nle)
+{
+	ctx->stmt = notrack_stmt_alloc(loc);
+}
+
 static void netlink_parse_ct_stmt(struct netlink_parse_ctx *ctx,
 				  const struct location *loc,
 				  const struct nftnl_expr *nle)
@@ -1127,6 +1134,7 @@ static const struct {
 	{ .name = "range",	.parse = netlink_parse_range },
 	{ .name = "reject",	.parse = netlink_parse_reject },
 	{ .name = "nat",	.parse = netlink_parse_nat },
+	{ .name = "notrack",	.parse = netlink_parse_notrack },
 	{ .name = "masq",	.parse = netlink_parse_masq },
 	{ .name = "redir",	.parse = netlink_parse_redir },
 	{ .name = "dup",	.parse = netlink_parse_dup },
author	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-14 22:19:07 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-14 22:19:12 +0100
commit	a84921d7c0de950632ab4630dd4f7ad763e9e453 (patch)
tree	a2077597cf08c04df2066d1b21d60874f94d36c7 /src/netlink_delinearize.c
parent	75bbb065740e184a8d910db014fdb8949cc5f18e (diff)