[PATCH] verdict type: handle verdict flags and encoded additional information

Patrick McHardy <kaber@xxxxxxxxx> · Tue, 19 Aug 2014 00:37:20 +0100

The kernel can handle this, nftables should also.

Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
 src/datatype.c | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/src/datatype.c b/src/datatype.c
index 36d5985..fdfee54 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -176,15 +176,6 @@ const struct datatype invalid_type = {
 static void verdict_type_print(const struct expr *expr)
 {
 	switch (expr->verdict) {
-	case NF_ACCEPT:
-		printf("accept");
-		break;
-	case NF_DROP:
-		printf("drop");
-		break;
-	case NF_QUEUE:
-		printf("queue");
-		break;
 	case NFT_CONTINUE:
 		printf("continue");
 		break;
@@ -201,7 +192,19 @@ static void verdict_type_print(const struct expr *expr)
 		printf("return");
 		break;
 	default:
-		BUG("invalid verdict value %u\n", expr->verdict);
+		switch (expr->verdict & NF_VERDICT_MASK) {
+		case NF_ACCEPT:
+			printf("accept");
+			break;
+		case NF_DROP:
+			printf("drop");
+			break;
+		case NF_QUEUE:
+			printf("queue");
+			break;
+		default:
+			BUG("invalid verdict value %u\n", expr->verdict);
+		}
 	}
 }
 
-- 
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







