nwfilter: add XML attribute to control iptables state match

This patch adds an optional XML attribute to a nwfilter rule to give the user control over whether the rule is supposed to be using the iptables state match or not. A rule may now look like shown in the XML below with the statematch attribute either having value '0' or 'false' (case-insensitive).

[...]
<rule action='accept' direction='in' statematch='false'>
<tcp srcmacaddr='1:2:3:4:5:6'
           srcipaddr='10.1.2.3' srcipmask='32'
           dscp='33'
           srcportstart='20' srcportend='21'
           dstportstart='100' dstportend='1111'/>
</rule>
[...]

I am also extending the nwfilter schema and add this attribute to a test case.

1 files changed, 2 insertions, 2 deletions

diff --git a/tests/nwfilterxml2xmlout/tcp-test.xml b/tests/nwfilterxml2xmlout/tcp-test.xml
index a13afe149..4037808c4 100644
--- a/tests/nwfilterxml2xmlout/tcp-test.xml
+++ b/tests/nwfilterxml2xmlout/tcp-test.xml
@@ -3,10 +3,10 @@
   <rule action='accept' direction='out' priority='500'>
     <tcp srcmacaddr='01:02:03:04:05:06' dstipaddr='10.1.2.3' dstipmask='32' dscp='2'/>
   </rule>
-  <rule action='accept' direction='in' priority='500'>
+  <rule action='accept' direction='in' priority='500' statematch='false'>
     <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='33' srcportstart='20' srcportend='21' dstportstart='100' dstportend='1111'/>
   </rule>
-  <rule action='accept' direction='in' priority='500'>
+  <rule action='accept' direction='in' priority='500' statematch='false'>
     <tcp srcmacaddr='01:02:03:04:05:06' srcipaddr='10.1.2.3' srcipmask='32' dscp='63' srcportstart='255' srcportend='256' dstportstart='65535'/>
   </rule>
 </filter>