diff options
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 7 | ||||
-rw-r--r-- | src/ct.c | 6 | ||||
-rw-r--r-- | src/parser.y | 6 | ||||
-rw-r--r-- | src/scanner.l | 1 |
4 files changed, 12 insertions, 8 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index b4d518e3..0309b9dc 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -174,6 +174,7 @@ enum nft_set_attributes { NFTA_SET_SREG, NFTA_SET_DREG, NFTA_SET_KLEN, + NFTA_SET_DLEN, NFTA_SET_ELEMENTS, __NFTA_SET_MAX }; @@ -262,9 +263,9 @@ enum nft_ct_keys { NFT_CT_SECMARK, NFT_CT_EXPIRATION, NFT_CT_HELPER, - NFT_CT_L3PROTO, - NFT_CT_SADDR, - NFT_CT_DADDR, + NFT_CT_L3PROTOCOL, + NFT_CT_SRC, + NFT_CT_DST, NFT_CT_PROTOCOL, NFT_CT_PROTO_SRC, NFT_CT_PROTO_DST, @@ -108,12 +108,12 @@ static const struct ct_template ct_templates[] = { 4 * BITS_PER_BYTE), [NFT_CT_HELPER] = CT_TEMPLATE("helper", &string_type, BYTEORDER_INVALID, 0), - [NFT_CT_L3PROTO] = CT_TEMPLATE("l3proto", &invalid_type, + [NFT_CT_L3PROTOCOL] = CT_TEMPLATE("l3proto", &invalid_type, BYTEORDER_INVALID, BITS_PER_BYTE), - [NFT_CT_SADDR] = CT_TEMPLATE("saddr", &invalid_type, + [NFT_CT_SRC] = CT_TEMPLATE("saddr", &invalid_type, BYTEORDER_BIG_ENDIAN, 0), - [NFT_CT_DADDR] = CT_TEMPLATE("daddr", &invalid_type, + [NFT_CT_DST] = CT_TEMPLATE("daddr", &invalid_type, BYTEORDER_BIG_ENDIAN, 0), [NFT_CT_PROTOCOL] = CT_TEMPLATE("protocol", &inet_protocol_type, BYTEORDER_BIG_ENDIAN, diff --git a/src/parser.y b/src/parser.y index 90f9052e..c63a14e0 100644 --- a/src/parser.y +++ b/src/parser.y @@ -287,6 +287,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %token STATUS "status" %token EXPIRATION "expiration" %token HELPER "helper" +%token L3PROTOCOL "l3proto" %token PROTO_SRC "proto-src" %token PROTO_DST "proto-dst" @@ -1133,9 +1134,10 @@ ct_key : STATE { $$ = NFT_CT_STATE; } | SECMARK { $$ = NFT_CT_SECMARK; } | EXPIRATION { $$ = NFT_CT_EXPIRATION; } | HELPER { $$ = NFT_CT_HELPER; } + | L3PROTOCOL { $$ = NFT_CT_L3PROTOCOL; } + | SADDR { $$ = NFT_CT_SRC; } + | DADDR { $$ = NFT_CT_DST; } | PROTOCOL { $$ = NFT_CT_PROTOCOL; } - | SADDR { $$ = NFT_CT_SADDR; } - | DADDR { $$ = NFT_CT_DADDR; } | PROTO_SRC { $$ = NFT_CT_PROTO_SRC; } | PROTO_DST { $$ = NFT_CT_PROTO_DST; } ; diff --git a/src/scanner.l b/src/scanner.l index 7fc01f77..f8d018bb 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -375,6 +375,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "status" { return STATUS; } "expiration" { return EXPIRATION; } "helper" { return HELPER; } +"l3proto" { return L3PROTOCOL; } "proto-src" { return PROTO_SRC; } "proto-dst" { return PROTO_DST; } |