summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/ct.h3
-rw-r--r--include/expression.h1
-rw-r--r--src/ct.c3
-rw-r--r--src/netlink_delinearize.c2
-rw-r--r--src/parser_bison.y18
5 files changed, 21 insertions, 6 deletions
diff --git a/include/ct.h b/include/ct.h
index d9a11a3f..ec5d55d8 100644
--- a/include/ct.h
+++ b/include/ct.h
@@ -24,7 +24,8 @@ struct ct_template {
}
extern struct expr *ct_expr_alloc(const struct location *loc,
- enum nft_ct_keys key, int8_t direction);
+ enum nft_ct_keys key, int8_t direction,
+ uint8_t nfproto);
extern void ct_expr_update_type(struct proto_ctx *ctx, struct expr *expr);
extern struct stmt *notrack_stmt_alloc(const struct location *loc);
diff --git a/include/expression.h b/include/expression.h
index ce6b702a..d0afaa65 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -301,6 +301,7 @@ struct expr {
/* EXPR_CT */
enum nft_ct_keys key;
int8_t direction;
+ uint8_t nfproto;
} ct;
struct {
/* EXPR_NUMGEN */
diff --git a/src/ct.c b/src/ct.c
index b2faf627..f99fc7f8 100644
--- a/src/ct.c
+++ b/src/ct.c
@@ -335,7 +335,7 @@ static const struct expr_ops ct_expr_ops = {
};
struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key,
- int8_t direction)
+ int8_t direction, uint8_t nfproto)
{
const struct ct_template *tmpl = &ct_templates[key];
struct expr *expr;
@@ -344,6 +344,7 @@ struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key,
tmpl->byteorder, tmpl->len);
expr->ct.key = key;
expr->ct.direction = direction;
+ expr->ct.nfproto = nfproto;
switch (key) {
case NFT_CT_PROTOCOL:
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 42206ebc..7c61cd0c 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -716,7 +716,7 @@ static void netlink_parse_ct_expr(struct netlink_parse_ctx *ctx,
dir = nftnl_expr_get_u8(nle, NFTNL_EXPR_CT_DIR);
key = nftnl_expr_get_u32(nle, NFTNL_EXPR_CT_KEY);
- expr = ct_expr_alloc(loc, key, dir);
+ expr = ct_expr_alloc(loc, key, dir, NFPROTO_UNSPEC);
dreg = netlink_parse_register(nle, NFTNL_EXPR_CT_DREG);
netlink_set_register(ctx, dreg, expr);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 75a77358..0a74a7a5 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -669,7 +669,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%type <expr> ct_expr
%destructor { expr_free($$); } ct_expr
-%type <val> ct_key ct_dir ct_key_dir_optional ct_key_dir
+%type <val> ct_key ct_dir ct_key_dir_optional ct_key_dir ct_key_proto ct_key_proto_field
%type <expr> fib_expr
%destructor { expr_free($$); } fib_expr
@@ -3259,11 +3259,15 @@ rt_key : CLASSID { $$ = NFT_RT_CLASSID; }
ct_expr : CT ct_key
{
- $$ = ct_expr_alloc(&@$, $2, -1);
+ $$ = ct_expr_alloc(&@$, $2, -1, NFPROTO_UNSPEC);
}
| CT ct_dir ct_key_dir
{
- $$ = ct_expr_alloc(&@$, $3, $2);
+ $$ = ct_expr_alloc(&@$, $3, $2, NFPROTO_UNSPEC);
+ }
+ | CT ct_dir ct_key_proto ct_key_proto_field
+ {
+ $$ = ct_expr_alloc(&@$, $4, $2, $3);
}
;
@@ -3297,6 +3301,14 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; }
| ct_key_dir_optional
;
+ct_key_proto : IP { $$ = NFPROTO_IPV4; }
+ | IP6 { $$ = NFPROTO_IPV6; }
+ ;
+
+ct_key_proto_field : SADDR { $$ = NFT_CT_SRC; }
+ | DADDR { $$ = NFT_CT_DST; }
+ ;
+
ct_key_dir_optional : BYTES { $$ = NFT_CT_BYTES; }
| PACKETS { $$ = NFT_CT_PKTS; }
| AVGPKT { $$ = NFT_CT_AVGPKT; }