1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
use super::{DeserializationError, Expression, Rule};
use crate::sys::{self, libc};
use std::os::raw::c_char;
bitflags::bitflags! {
pub struct States: u32 {
const INVALID = 1;
const ESTABLISHED = 2;
const RELATED = 4;
const NEW = 8;
const UNTRACKED = 64;
}
}
pub enum Conntrack {
State,
Mark { set: bool },
}
impl Conntrack {
fn raw_key(&self) -> u32 {
match *self {
Conntrack::State => libc::NFT_CT_STATE as u32,
Conntrack::Mark { .. } => libc::NFT_CT_MARK as u32,
}
}
}
impl Expression for Conntrack {
fn get_raw_name() -> *const c_char {
b"ct\0" as *const _ as *const c_char
}
fn from_expr(expr: *const sys::nftnl_expr) -> Result<Self, DeserializationError>
where
Self: Sized,
{
unsafe {
let ct_key = sys::nftnl_expr_get_u32(expr, sys::NFTNL_EXPR_CT_KEY as u16);
let ct_sreg_is_set = sys::nftnl_expr_is_set(expr, sys::NFTNL_EXPR_CT_SREG as u16);
match ct_key as i32 {
libc::NFT_CT_STATE => Ok(Conntrack::State),
libc::NFT_CT_MARK => Ok(Conntrack::Mark {
set: ct_sreg_is_set,
}),
_ => Err(DeserializationError::InvalidValue),
}
}
}
fn to_expr(&self, _rule: &Rule) -> *mut sys::nftnl_expr {
unsafe {
let expr = try_alloc!(sys::nftnl_expr_alloc(Self::get_raw_name()));
if let Conntrack::Mark { set: true } = self {
sys::nftnl_expr_set_u32(
expr,
sys::NFTNL_EXPR_CT_SREG as u16,
libc::NFT_REG_1 as u32,
);
} else {
sys::nftnl_expr_set_u32(
expr,
sys::NFTNL_EXPR_CT_DREG as u16,
libc::NFT_REG_1 as u32,
);
}
sys::nftnl_expr_set_u32(expr, sys::NFTNL_EXPR_CT_KEY as u16, self.raw_key());
expr
}
}
}
#[macro_export]
macro_rules! nft_expr_ct {
(state) => {
$crate::expr::Conntrack::State
};
(mark set) => {
$crate::expr::Conntrack::Mark { set: true }
};
(mark) => {
$crate::expr::Conntrack::Mark { set: false }
};
}
|
