diff options
-rw-r--r-- | include/ct.h | 3 | ||||
-rw-r--r-- | include/expression.h | 1 | ||||
-rw-r--r-- | src/ct.c | 3 | ||||
-rw-r--r-- | src/netlink_delinearize.c | 2 | ||||
-rw-r--r-- | src/parser_bison.y | 18 |
5 files changed, 21 insertions, 6 deletions
diff --git a/include/ct.h b/include/ct.h index d9a11a3f..ec5d55d8 100644 --- a/include/ct.h +++ b/include/ct.h @@ -24,7 +24,8 @@ struct ct_template { } extern struct expr *ct_expr_alloc(const struct location *loc, - enum nft_ct_keys key, int8_t direction); + enum nft_ct_keys key, int8_t direction, + uint8_t nfproto); extern void ct_expr_update_type(struct proto_ctx *ctx, struct expr *expr); extern struct stmt *notrack_stmt_alloc(const struct location *loc); diff --git a/include/expression.h b/include/expression.h index ce6b702a..d0afaa65 100644 --- a/include/expression.h +++ b/include/expression.h @@ -301,6 +301,7 @@ struct expr { /* EXPR_CT */ enum nft_ct_keys key; int8_t direction; + uint8_t nfproto; } ct; struct { /* EXPR_NUMGEN */ @@ -335,7 +335,7 @@ static const struct expr_ops ct_expr_ops = { }; struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key, - int8_t direction) + int8_t direction, uint8_t nfproto) { const struct ct_template *tmpl = &ct_templates[key]; struct expr *expr; @@ -344,6 +344,7 @@ struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key, tmpl->byteorder, tmpl->len); expr->ct.key = key; expr->ct.direction = direction; + expr->ct.nfproto = nfproto; switch (key) { case NFT_CT_PROTOCOL: diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 42206ebc..7c61cd0c 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -716,7 +716,7 @@ static void netlink_parse_ct_expr(struct netlink_parse_ctx *ctx, dir = nftnl_expr_get_u8(nle, NFTNL_EXPR_CT_DIR); key = nftnl_expr_get_u32(nle, NFTNL_EXPR_CT_KEY); - expr = ct_expr_alloc(loc, key, dir); + expr = ct_expr_alloc(loc, key, dir, NFPROTO_UNSPEC); dreg = netlink_parse_register(nle, NFTNL_EXPR_CT_DREG); netlink_set_register(ctx, dreg, expr); diff --git a/src/parser_bison.y b/src/parser_bison.y index 75a77358..0a74a7a5 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -669,7 +669,7 @@ static void location_update(struct location *loc, struct location *rhs, int n) %type <expr> ct_expr %destructor { expr_free($$); } ct_expr -%type <val> ct_key ct_dir ct_key_dir_optional ct_key_dir +%type <val> ct_key ct_dir ct_key_dir_optional ct_key_dir ct_key_proto ct_key_proto_field %type <expr> fib_expr %destructor { expr_free($$); } fib_expr @@ -3259,11 +3259,15 @@ rt_key : CLASSID { $$ = NFT_RT_CLASSID; } ct_expr : CT ct_key { - $$ = ct_expr_alloc(&@$, $2, -1); + $$ = ct_expr_alloc(&@$, $2, -1, NFPROTO_UNSPEC); } | CT ct_dir ct_key_dir { - $$ = ct_expr_alloc(&@$, $3, $2); + $$ = ct_expr_alloc(&@$, $3, $2, NFPROTO_UNSPEC); + } + | CT ct_dir ct_key_proto ct_key_proto_field + { + $$ = ct_expr_alloc(&@$, $4, $2, $3); } ; @@ -3297,6 +3301,14 @@ ct_key_dir : SADDR { $$ = NFT_CT_SRC; } | ct_key_dir_optional ; +ct_key_proto : IP { $$ = NFPROTO_IPV4; } + | IP6 { $$ = NFPROTO_IPV6; } + ; + +ct_key_proto_field : SADDR { $$ = NFT_CT_SRC; } + | DADDR { $$ = NFT_CT_DST; } + ; + ct_key_dir_optional : BYTES { $$ = NFT_CT_BYTES; } | PACKETS { $$ = NFT_CT_PKTS; } | AVGPKT { $$ = NFT_CT_AVGPKT; } |