verdict type: handle verdict flags and encoded additional information

The kernel can handle this, nftables should also.

Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/src/datatype.c b/src/datatype.c
index 36d59859e2ef33e18f09fb4b4a4d6dfc94e2805e..fdfee54a753cc5a6fe20e358679e0fe78de08b43 100644 (file)
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -176,15 +176,6 @@ const struct datatype invalid_type = {
 static void verdict_type_print(const struct expr *expr)
 {
        switch (expr->verdict) {
-       case NF_ACCEPT:
-               printf("accept");
-               break;
-       case NF_DROP:
-               printf("drop");
-               break;
-       case NF_QUEUE:
-               printf("queue");
-               break;
        case NFT_CONTINUE:
                printf("continue");
                break;
@@ -201,7 +192,19 @@ static void verdict_type_print(const struct expr *expr)
                printf("return");
                break;
        default:
-               BUG("invalid verdict value %u\n", expr->verdict);
+               switch (expr->verdict & NF_VERDICT_MASK) {
+               case NF_ACCEPT:
+                       printf("accept");
+                       break;
+               case NF_DROP:
+                       printf("drop");
+                       break;
+               case NF_QUEUE:
+                       printf("queue");
+                       break;
+               default:
+                       BUG("invalid verdict value %u\n", expr->verdict);
+               }
        }
 }