src: ct: store proto base of ct key, if any

ct keys can match on network and tranasport header protocol
elements, such as port numbers or ip addresses.

Store this base type so a followup commit can store and kill
dependencies, e.g. if bsae is network header we might be able
to kill an earlier expression because the dependency is implicit.

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/include/expression.h b/include/expression.h
index d0afaa6571e88ffe05cf2d0ae600b1a2321a13e7..215cbc98e8d7015505a209226ddfb8c462879b2e 100644 (file)
--- a/include/expression.h
+++ b/include/expression.h
@@ -300,6 +300,7 @@ struct expr {
                struct {
                        /* EXPR_CT */
                        enum nft_ct_keys        key;
+                       enum proto_bases        base;
                        int8_t                  direction;
                        uint8_t                 nfproto;
                } ct;

diff --git a/src/ct.c b/src/ct.c
index f99fc7f8ebb51d7b9dc44f9f3b8a678cd2dbd79f..044a6a50fb60fb0afcf9d6bf6080f8d86e7468f7 100644 (file)
--- a/src/ct.c
+++ b/src/ct.c
@@ -347,8 +347,21 @@ struct expr *ct_expr_alloc(const struct location *loc, enum nft_ct_keys key,
        expr->ct.nfproto = nfproto;
 
        switch (key) {
+       case NFT_CT_SRC:
+       case NFT_CT_DST:
+               expr->ct.base = PROTO_BASE_NETWORK_HDR;
+               break;
+       case NFT_CT_PROTO_SRC:
+       case NFT_CT_PROTO_DST:
+               expr->ct.base = PROTO_BASE_TRANSPORT_HDR;
+               break;
        case NFT_CT_PROTOCOL:
                expr->flags = EXPR_F_PROTOCOL;
+               expr->ct.base = PROTO_BASE_NETWORK_HDR;
+               break;
+       case NFT_CT_L3PROTOCOL:
+               expr->flags = EXPR_F_PROTOCOL;
+               expr->ct.base = PROTO_BASE_LL_HDR;
                break;
        default:
                break;