src: add STMT_NAT_F_CONCAT flag and use it

Replace ipportmap boolean field by flags.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/statement.h b/include/statement.h
index 01fe416c415a5ad1b406c992b7e2a196b3743633..7d96b3947dfc7a907f9cef6307c118c94d60fa64 100644 (file)
--- a/include/statement.h
+++ b/include/statement.h
@@ -122,6 +122,7 @@ extern const char *nat_etype2str(enum nft_nat_etypes type);
 enum {
        STMT_NAT_F_INTERVAL     = (1 << 0),
        STMT_NAT_F_PREFIX       = (1 << 1),
+       STMT_NAT_F_CONCAT       = (1 << 2),
 };
 
 struct nat_stmt {
@@ -130,7 +131,6 @@ struct nat_stmt {
        struct expr             *proto;
        uint32_t                flags;
        uint8_t                 family;
-       bool                    ipportmap;
        uint32_t                type_flags;
 };
 

diff --git a/src/evaluate.c b/src/evaluate.c
index a116f7b66e07f9872c5763f12b2475cefea8fcd7..cad65cfb73431289778c0707a5755469ce1aa66a 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2973,7 +2973,7 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
                if (err < 0)
                        return err;
 
-               if (stmt->nat.ipportmap) {
+               if (stmt->nat.type_flags & STMT_NAT_F_CONCAT) {
                        err = stmt_evaluate_nat_map(ctx, stmt);
                        if (err < 0)
                                return err;

diff --git a/src/netlink_delinearize. b/src/netlink_delinearize.
new file mode 100644 (file)
index 0000000..e69de29

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index b039a1e3c7ac75dab6c5f263ab6ff360fc80692e..772559c838f51dde7d1bb6644eed16c20b673480 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1110,7 +1110,7 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
 
        if (is_nat_proto_map(addr, family)) {
                stmt->nat.family = family;
-               stmt->nat.ipportmap = true;
+               stmt->nat.type_flags |= STMT_NAT_F_CONCAT;
                ctx->stmt = stmt;
                return;
        }

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 944fcdae4ee90e8ab40c27e72122bf4c57dd6455..08f7f89f1066a645172b63896e66a1285476d19d 100644 (file)
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1127,15 +1127,15 @@ static void netlink_gen_nat_stmt(struct netlink_linearize_ctx *ctx,
                        }
                }
 
-               if (stmt->nat.ipportmap) {
+               if (stmt->nat.type_flags & STMT_NAT_F_CONCAT) {
                        /* nat_stmt evaluation step doesn't allow
-                        * stmt->nat.ipportmap && stmt->nat.proto.
+                        * STMT_NAT_F_CONCAT && stmt->nat.proto.
                         */
                        assert(stmt->nat.proto == NULL);
 
                        pmin_reg = amin_reg;
 
-                       /* if ipportmap is set, the mapped type is a
+                       /* if STMT_NAT_F_CONCAT is set, the mapped type is a
                         * concatenation of 'addr . inet_service'.
                         * The map lookup will then return the
                         * concatenated value, so we need to skip

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 3b470cc63235d93f7985663e5890c3ea50e0b7c4..b1e869d568a1bcbc22fffbf7637272e520c33bd2 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3192,7 +3192,7 @@ nat_stmt_args             :       stmt_expr
                        {
                                $<stmt>0->nat.family = $1;
                                $<stmt>0->nat.addr = $6;
-                               $<stmt>0->nat.ipportmap = true;
+                               $<stmt>0->nat.type_flags = STMT_NAT_F_CONCAT;
                        }
                        |       nf_key_proto INTERVAL TO        stmt_expr
                        {

diff --git a/src/statement.c b/src/statement.c
index 8a1cd6e04f618a3a2cd94a1b8970fee657ca80f2..21a1bc8d40dd58aa73b0f8ab56e2576f36a2f517 100644 (file)
--- a/src/statement.c
+++ b/src/statement.c
@@ -607,7 +607,7 @@ static void nat_stmt_print(const struct stmt *stmt, struct output_ctx *octx)
                        break;
                }
 
-               if (stmt->nat.ipportmap)
+               if (stmt->nat.type_flags & STMT_NAT_F_CONCAT)
                        nft_print(octx, " addr . port");
                else if (stmt->nat.type_flags & STMT_NAT_F_PREFIX)
                        nft_print(octx, " prefix");