diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-11-27 23:34:57 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-01-03 14:21:53 +0100 |
commit | b139f738f558d6afb8c8f3e73526f578b059abd6 (patch) | |
tree | 2d1b575ee0058f988b43bb43970ab13162a87da0 /src/statement.c | |
parent | 0eaedf58acad4214dd827515c56b9da26ab9e9e3 (diff) |
src: add stateful object reference expression
This patch adds a new objref statement to refer to existing stateful
objects from rules, eg.
# nft add rule filter input counter name test counter
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/statement.c')
-rw-r--r-- | src/statement.c | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/src/statement.c b/src/statement.c index fbd78aaf..24a53ee1 100644 --- a/src/statement.c +++ b/src/statement.c @@ -161,6 +161,39 @@ struct stmt *counter_stmt_alloc(const struct location *loc) return stmt; } +static const char *objref_type[NFT_OBJECT_MAX + 1] = { + [NFT_OBJECT_COUNTER] = "counter", + [NFT_OBJECT_QUOTA] = "quota", +}; + +static const char *objref_type_name(uint32_t type) +{ + if (type > NFT_OBJECT_MAX) + return "unknown"; + + return objref_type[type]; +} + +static void objref_stmt_print(const struct stmt *stmt) +{ + printf("%s name ", objref_type_name(stmt->objref.type)); + expr_print(stmt->objref.expr); +} + +static const struct stmt_ops objref_stmt_ops = { + .type = STMT_OBJREF, + .name = "objref", + .print = objref_stmt_print, +}; + +struct stmt *objref_stmt_alloc(const struct location *loc) +{ + struct stmt *stmt; + + stmt = stmt_alloc(loc, &objref_stmt_ops); + return stmt; +} + static const char *syslog_level[LOG_DEBUG + 1] = { [LOG_EMERG] = "emerg", [LOG_ALERT] = "alert", |