diff options
author | Máté Eckl <ecklm94@gmail.com> | 2018-05-31 20:06:16 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 19:43:00 +0200 |
commit | a02f8c3f6456e9a84a6c3117f2539376b152ba1f (patch) | |
tree | 80182a1faab00aa8ff43891da49ac0a62dacd136 /include/expression.h | |
parent | 30d45266bf38b209df33e4df1a116c60531ae3e5 (diff) |
src: Introduce socket matching
For now it can only match sockets with IP(V6)_TRANSPARENT socket option
set. Example:
table inet sockin {
chain sockchain {
type filter hook prerouting priority -150; policy accept;
socket transparent 1 mark set 0x00000001 nftrace set 1 counter packets 9 bytes 504 accept
}
}
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/expression.h')
-rw-r--r-- | include/expression.h | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/include/expression.h b/include/expression.h index 15af35e8..2bb51e53 100644 --- a/include/expression.h +++ b/include/expression.h @@ -24,6 +24,7 @@ * @EXPR_PAYLOAD: payload expression * @EXPR_EXTHDR: exthdr expression * @EXPR_META: meta expression + * @EXPR_SOCKET: socket expression * @EXPR_CT: conntrack expression * @EXPR_CONCAT: concatenation * @EXPR_LIST: list of expressions @@ -50,6 +51,7 @@ enum expr_types { EXPR_PAYLOAD, EXPR_EXTHDR, EXPR_META, + EXPR_SOCKET, EXPR_CT, EXPR_CONCAT, EXPR_LIST, @@ -188,6 +190,7 @@ enum expr_flags { #include <rt.h> #include <hash.h> #include <ct.h> +#include <socket.h> /** * struct expr @@ -297,6 +300,10 @@ struct expr { enum proto_bases base; } meta; struct { + /* SOCKET */ + enum nft_socket_keys key; + } socket; + struct { /* EXPR_RT */ enum nft_rt_keys key; } rt; |