-rw-r--r-- | src/error.rs | 3 | ||||
-rw-r--r-- | src/expr/exthdr.rs | 44 | ||||
-rw-r--r-- | src/expr/mod.rs | 3 |
3 files changed, 50 insertions, 0 deletions
diff --git a/src/error.rs b/src/error.rs
index 80f06d7..fa0e26f 100644
--- a/src/error.rs
+++ b/src/error.rs
@@ -70,6 +70,9 @@ pub enum DecodeError {
 #[error("Invalid type for a conntrack key")]
 UnknownConntrackKey(u32),
+ #[error("Invalid type for an extension header expression")]
+ UnknownExtHdrOp(u32),
+
 #[error("Unsupported value for a link layer header field")]
 UnknownLinkLayerHeaderField(u32, u32),
diff --git a/src/expr/exthdr.rs b/src/expr/exthdr.rs
new file mode 100644
index 0000000..954b394
--- /dev/null
+++ b/src/expr/exthdr.rs
@@ -0,0 +1,44 @@
+use rustables_macros::{nfnetlink_enum, nfnetlink_struct};
+
+use crate::sys::{
+ NFTA_EXTHDR_DREG, NFTA_EXTHDR_FLAGS, NFTA_EXTHDR_LEN, NFTA_EXTHDR_OFFSET, NFTA_EXTHDR_OP,
+ NFTA_EXTHDR_SREG, NFTA_EXTHDR_TYPE, NFT_EXTHDR_OP_IPV6, NFT_EXTHDR_OP_TCPOPT,
+};
+
+use super::{Expression, Register};
+
+/// Header operation.
+#[derive(Debug, Copy, Clone, Eq, PartialEq)]
+#[nfnetlink_enum(u32, nested = true)]
+pub enum ExtHdrOp {
+ /// IPv6.
+ Ipv6 = NFT_EXTHDR_OP_IPV6,
+ /// TCP options.
+ TcpOpt = NFT_EXTHDR_OP_TCPOPT,
+}
+
+/// Interacts with layer 4 header options.
+#[derive(Default, Debug, Clone, PartialEq, Eq)]
+#[nfnetlink_struct(nested = true)]
+pub struct ExtHdr {
+ #[field(NFTA_EXTHDR_DREG)]
+ dreg: Register,
+ #[field(NFTA_EXTHDR_TYPE)]
+ typ: u8,
+ #[field(NFTA_EXTHDR_OFFSET)]
+ offset: u32,
+ #[field(NFTA_EXTHDR_LEN)]
+ len: u32,
+ #[field(NFTA_EXTHDR_FLAGS)]
+ flags: u32,
+ #[field(NFTA_EXTHDR_OP)]
+ op: ExtHdrOp,
+ #[field(NFTA_EXTHDR_SREG)]
+ sreg: Register,
+}
+
+impl Expression for ExtHdr {
+ fn get_name() -> &'static str {
+ "exthdr"
+ }
+}
diff --git a/src/expr/mod.rs b/src/expr/mod.rs
index af29460..b0d9d51 100644
--- a/src/expr/mod.rs
+++ b/src/expr/mod.rs
@@ -24,6 +24,9 @@ pub use self::counter::*;
 pub mod ct;
 pub use self::ct::*;
+pub mod exthdr;
+pub use self::exthdr::*;
+
 mod immediate;
 pub use self::immediate::*; |
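Review bot: The message on `UnknownExtHdrOp` says "Invalid type", which is ambiguous because the expression added in src/expr/exthdr.rs carries both a `typ` attribute and an `op` attribute, and the variant name indicates it is the operation that failed to decode. Wording such as `#[error("Invalid operation for an extension header expression")]` would point whoever is debugging a rejected or misparsed rule at the right attribute. The `DecodeError` enum starts and ends outside this hunk.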
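Review bot: The doc comment on `ExtHdr` says it "Interacts with layer 4 header options", but `ExtHdrOp::Ipv6` selects IPv6 extension headers, which are not layer 4; `/// Reads or writes an IPv6 extension header or a TCP option, as selected by the op field.` would be closer to what the struct exposes. None of the seven fields is documented, and a firewall rule built with the wrong `typ`, `offset` or `len` can end up inspecting different bytes than the author intended, so each field deserves a line saying what it carries (presumably the header or option number for `typ`, and a byte offset and length within that header for `offset` and `len`; confirm against the kernel's exthdr handling). It would also help to state whether `dreg` and `sreg` may both be set: the names suggest one selects a load into a register and the other a store from it, and the struct as written does nothing to prevent setting both.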
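Review bot: `ExtHdr` is declared and re-exported here but, judging by the diffstat (3 insertions in src/expr/mod.rs, all in this hunk), it is not added anywhere else in this file. If the module keeps a list of known expression types used to decode rules read back from the kernel, an `exthdr` expression in an existing ruleset would presumably not be parsed into the new struct, which matters to anyone auditing a live ruleset through this crate. Worth confirming and, if such a list exists, registering `ExtHdr` alongside the other expressions.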