Diffstat (limited to 'include/statement.h')
-rw-r--r-- | include/statement.h | 51 |
1 files changed, 41 insertions, 10 deletions
diff --git a/include/statement.h b/include/statement.h
index 7d96b394..662f99dd 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -11,6 +11,14 @@ extern struct stmt *expr_stmt_alloc(const struct location *loc,
 extern struct stmt *verdict_stmt_alloc(const struct location *loc,
 struct expr *expr);
 
+struct chain_stmt {
+ struct chain *chain;
+ struct expr *expr;
+};
+
+struct stmt *chain_stmt_alloc(const struct location *loc, struct chain *chain,
+ enum nft_verdicts verdict);
+
 struct flow_stmt {
 const char *table_name;
 };
@@ -39,6 +47,13 @@ struct counter_stmt {
 
 extern struct stmt *counter_stmt_alloc(const struct location *loc);
 
+struct last_stmt {
+ uint64_t used;
+ uint32_t set;
+};
+
+extern struct stmt *last_stmt_alloc(const struct location *loc);
+
 struct exthdr_stmt {
 struct expr *expr;
 struct expr *val;
@@ -75,7 +90,7 @@ enum {
 };
 
 struct log_stmt {
- const char *prefix;
+ struct expr *prefix;
 unsigned int snaplen;
 uint16_t group;
 uint16_t qthreshold;
@@ -137,6 +152,12 @@ struct nat_stmt {
 extern struct stmt *nat_stmt_alloc(const struct location *loc,
 enum nft_nat_etypes type);
 
+struct optstrip_stmt {
+ struct expr *expr;
+};
+
+extern struct stmt *optstrip_stmt_alloc(const struct location *loc, struct expr *e);
+
 struct tproxy_stmt {
 struct expr *addr;
 struct expr *port;
@@ -151,7 +172,8 @@ struct queue_stmt {
 uint16_t flags;
 };
 
-extern struct stmt *queue_stmt_alloc(const struct location *loc);
+extern struct stmt *queue_stmt_alloc(const struct location *loc,
+ struct expr *e, uint16_t flags);
 
 struct quota_stmt {
 uint64_t bytes;
@@ -193,7 +215,7 @@ uint32_t fwd_stmt_type(const char *type);
 struct set_stmt {
 struct expr *set;
 struct expr *key;
- struct stmt *stmt;
+ struct list_head stmt_list;
 enum nft_dynset_ops op;
 };
 
@@ -205,7 +227,7 @@ struct map_stmt {
 struct expr *set;
 struct expr *key;
 struct expr *data;
- struct stmt *stmt;
+ struct list_head stmt_list;
 enum nft_dynset_ops op;
 };
 
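Review bot: In the `-11,6 +11,14` hunk, `struct chain_stmt` holds two pointers (`chain`, `expr`) with no statement of who owns them, and `chain_stmt_alloc()` takes an `enum nft_verdicts` that has no matching field, so the header does not tell a reader what the destroy path must release. A comment above the struct would settle it, for example `/* chain and expr are owned by the statement and released with it */` if that is the intent; the allocator and destroy code are outside this diff, so confirm before adding it. The prototype also omits `extern`, unlike `last_stmt_alloc` and `optstrip_stmt_alloc` added in the same commit.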
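Review bot: In `struct set_stmt` (hunk `-193,7 +215,7`) and again in `struct map_stmt` (hunk `-205,7 +227,7`), replacing the nullable `struct stmt *stmt` with an embedded `struct list_head stmt_list` changes what "no attached statement" looks like: a zero-filled list head has NULL links rather than pointing at itself, so a list walk or `stmt_list_free()` on a statement whose list was never initialised would dereference NULL. The allocators and the clone/destroy paths are not in this diff, so this needs checking there; each should initialise the list head before the statement is reachable from other code, and any leftover pointer-style emptiness test should become a list-empty test. A field comment such as `/* initialised by the allocator; an empty list means no attached statements */` would record the invariant in both structs.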
@@ -240,8 +262,8 @@ enum nft_xt_type {
 NFT_XT_MATCH = 0,
 NFT_XT_TARGET,
 NFT_XT_WATCHER,
- NFT_XT_MAX
 };
+#define NFT_XT_MAX (NFT_XT_WATCHER + 1)
 
 struct xtables_match;
 struct xtables_target;
@@ -249,12 +271,11 @@ struct xtables_target;
 struct xt_stmt {
 const char *name;
 enum nft_xt_type type;
+ uint32_t rev;
+ uint32_t family;
+ size_t infolen;
+ void *info;
 uint32_t proto;
- union {
- struct xtables_match *match;
- struct xtables_target *target;
- };
- void *entry;
 };
 
 extern struct stmt *xt_stmt_alloc(const struct location *loc);
@@ -287,6 +308,9 @@ extern struct stmt *xt_stmt_alloc(const struct location *loc);
 * @STMT_CONNLIMIT: connection limit statement
 * @STMT_MAP: map statement
 * @STMT_SYNPROXY: synproxy statement
+ * @STMT_CHAIN: chain statement
+ * @STMT_OPTSTRIP: optstrip statement
+ * @STMT_LAST: last statement
 */
 enum stmt_types {
 STMT_INVALID,
@@ -315,6 +339,9 @@ enum stmt_types {
 STMT_CONNLIMIT,
 STMT_MAP,
 STMT_SYNPROXY,
+ STMT_CHAIN,
+ STMT_OPTSTRIP,
+ STMT_LAST,
 };
 
 /**
@@ -364,11 +391,13 @@ struct stmt {
 struct counter_stmt counter;
 struct payload_stmt payload;
 struct meta_stmt meta;
+ struct last_stmt last;
 struct log_stmt log;
 struct limit_stmt limit;
 struct reject_stmt reject;
 struct nat_stmt nat;
 struct tproxy_stmt tproxy;
+ struct optstrip_stmt optstrip;
 struct queue_stmt queue;
 struct quota_stmt quota;
 struct ct_stmt ct;
@@ -380,12 +409,14 @@ struct stmt {
 struct flow_stmt flow;
 struct map_stmt map;
 struct synproxy_stmt synproxy;
+ struct chain_stmt chain;
 };
 };
 
 extern struct stmt *stmt_alloc(const struct location *loc,
 const struct stmt_ops *ops);
 int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt);
+int stmt_dependency_evaluate(struct eval_ctx *ctx, struct stmt *stmt);
 extern void stmt_free(struct stmt *stmt);
 extern void stmt_list_free(struct list_head *list);
 extern void stmt_print(const struct stmt *stmt, struct output_ctx *octx);
|
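Review bot: `#define NFT_XT_MAX (NFT_XT_WATCHER + 1)` in the `-240,8 +262,8` hunk no longer follows the enum automatically, so a new `nft_xt_type` enumerator added after `NFT_XT_WATCHER` would leave `NFT_XT_MAX` one too small. Anything sized or bounds-checked with the macro would then be indexed out of range; its users are not visible in this diff, so treat that as something to check rather than a known bug. A comment inside the enum, `/* NFT_XT_WATCHER must stay last: NFT_XT_MAX is derived from it */`, would keep the two in step, and the commit message should say why the sentinel was moved out of the enum.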
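Review bot: The new `void *info` / `size_t infolen` pair in `struct xt_stmt` (hunk `-249,12 +271,11`) is an untyped buffer whose layout depends on `name`, `type`, `rev` and `family`, and the header says neither who owns it nor what `infolen` guarantees. With the `match`/`target` pointers removed, the statement presumably carries a copy of extension data that may not have been produced by the local extension library (the producers are outside this diff), so consumers should compare `infolen` with the size the matching extension revision expects before casting `info`. Proposed field comments, to be adjusted to what the allocator really does: `/* size of info in bytes */` on `infolen` and `/* private extension data, owned by the statement and freed with it */` on `info`.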
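Review bot: `STMT_LAST` in `enum stmt_types` (hunk `-315,6 +339,9`) reads like an end-of-enum sentinel but is the type of the `last` statement, and it currently happens to be the final enumerator. A loop written as `type < STMT_LAST` or an array sized by it would compile cleanly and silently leave this type out or be one slot short. A trailing comment, `STMT_LAST, /* the "last" statement, not a sentinel */`, would prevent that misreading, and the kernel-doc line added in the `-287,6 +308,9` hunk could carry the same wording.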