diff options
author | Florian Westphal <fw@strlen.de> | 2017-02-21 18:11:31 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-03-16 10:09:42 +0100 |
commit | 5ca4eb30d62e0ab2768d64de5c70931292213338 (patch) | |
tree | a54d95ecbb4de9deeeee83f1353421ef690f135e /src/statement.c | |
parent | f2af2b2ad1c4dd68bd5bbf3c763f0f1513281c0c (diff) |
src: add initial ct helper support
This adds initial support for defining conntrack helper objects
which can then be assigned to connections using the objref infrastructure:
table ip filter {
ct helper ftp-standard {
type "ftp" protocol tcp
}
chain y {
tcp dport 21 ct helper set "ftp-standard"
}
}
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/src/statement.c b/src/statement.c index 7ffd25f9..d824dc0b 100644 --- a/src/statement.c +++ b/src/statement.c @@ -174,6 +174,7 @@ struct stmt *counter_stmt_alloc(const struct location *loc) static const char *objref_type[NFT_OBJECT_MAX + 1] = { [NFT_OBJECT_COUNTER] = "counter", [NFT_OBJECT_QUOTA] = "quota", + [NFT_OBJECT_CT_HELPER] = "cthelper", }; static const char *objref_type_name(uint32_t type) @@ -186,7 +187,14 @@ static const char *objref_type_name(uint32_t type) static void objref_stmt_print(const struct stmt *stmt) { - printf("%s name ", objref_type_name(stmt->objref.type)); + switch (stmt->objref.type) { + case NFT_OBJECT_CT_HELPER: + printf("ct helper set "); + break; + default: + printf("%s name ", objref_type_name(stmt->objref.type)); + break; + } expr_print(stmt->objref.expr); } |