From 30d45266bf38b209df33e4df1a116c60531ae3e5 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 9 Nov 2017 03:42:55 +0100
Subject: expr: extend fwd statement to support address and family

Allow to forward packets through to explicit destination and interface.
nft add rule netdev x y fwd ip to 192.168.2.200 device eth0
Signed-off-by: Pablo Neira Ayuso
---
 src/netlink_linearize.c | 19 +++++++++++++++----
 1 file changed, 15 insertions(+), 4 deletions(-)
(limited to 'src/netlink_linearize.c')
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 13c3564f..2aadc1ee 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1091,15 +1091,26 @@ static void netlink_gen_dup_stmt(struct netlink_linearize_ctx *ctx,
 static void netlink_gen_fwd_stmt(struct netlink_linearize_ctx *ctx,
 const struct stmt *stmt)
 {
- enum nft_registers sreg1;
+ enum nft_registers sreg1, sreg2;
 struct nftnl_expr *nle;
 nle = alloc_nft_expr("fwd");
- sreg1 = get_register(ctx, stmt->fwd.to);
- netlink_gen_expr(ctx, stmt->fwd.to, sreg1);
+ sreg1 = get_register(ctx, stmt->fwd.dev);
+ netlink_gen_expr(ctx, stmt->fwd.dev, sreg1);
 netlink_put_register(nle, NFTNL_EXPR_FWD_SREG_DEV, sreg1);
- release_register(ctx, stmt->fwd.to);
+
+ if (stmt->fwd.addr != NULL) {
+ sreg2 = get_register(ctx, stmt->fwd.addr);
+ netlink_gen_expr(ctx, stmt->fwd.addr, sreg2);
+ netlink_put_register(nle, NFTNL_EXPR_FWD_SREG_ADDR, sreg2);
+ release_register(ctx, stmt->fwd.addr);
+ }
+ release_register(ctx, stmt->fwd.dev);
+
+ if (stmt->fwd.family)
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_FWD_NFPROTO,
+ stmt->fwd.family);
 nftnl_rule_add_expr(ctx->nlr, nle);
 }
-- cgit v1.2.3
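Review bot: The address register and the protocol family are emitted under two independent conditions at the end of netlink_gen_fwd_stmt, so a statement with `fwd.addr` set and `fwd.family` zero (or the reverse) would be linearized into a half-specified fwd expression. Nothing visible in this hunk shows that the two fields are always set together; if an earlier evaluation step guarantees it, a one-line comment such as `/* addr and family are validated as a pair before linearization */` above the first `if` would record that, and otherwise moving the `nftnl_expr_set_u32(nle, NFTNL_EXPR_FWD_NFPROTO, stmt->fwd.family);` call inside the `if (stmt->fwd.addr != NULL)` block keeps the generated message self-consistent. `stmt->fwd.dev` is also handed to get_register() without a NULL check, which presumably relies on the grammar always supplying a device; that assumption is worth stating next to the call.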