author | Máté Eckl <ecklm94@gmail.com> | 2018-05-31 20:06:16 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 19:43:00 +0200 |
commit | a02f8c3f6456e9a84a6c3117f2539376b152ba1f (patch) | |
tree | 80182a1faab00aa8ff43891da49ac0a62dacd136 /include/socket.h | |
parent | 30d45266bf38b209df33e4df1a116c60531ae3e5 (diff) |
src: Introduce socket matching
For now it can only match sockets with IP(V6)_TRANSPARENT socket option
set. Example:
table inet sockin {
chain sockchain {
type filter hook prerouting priority -150; policy accept;
socket transparent 1 mark set 0x00000001 nftrace set 1 counter packets 9 bytes 504 accept
}
}
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/socket.h')
-rw-r--r-- | include/socket.h | 24 |
1 files changed, 24 insertions, 0 deletions
diff --git a/include/socket.h b/include/socket.h
new file mode 100644
index 00000000..a2ae9f10
--- /dev/null
+++ b/include/socket.h
@@ -0,0 +1,24 @@
+#ifndef NFTABLES_SOCKET_H
+#define NFTABLES_SOCKET_H
+
+//#include <parser.h>
+
+/**
+ * struct rt_template - template for routing expressions
+ *
+ * @token: parser token for the expression
+ * @dtype: data type of the expression
+ * @len: length of the expression
+ * @byteorder: byteorder
+ */
+struct socket_template {
+ const char *token;
+ const struct datatype *dtype;
+ unsigned int len;
+ enum byteorder byteorder;
+};
+
+extern struct expr *socket_expr_alloc(const struct location *loc,
+ enum nft_socket_keys key);
+
+#endif /* NFTABLES_SOCKET_H */ |
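Review bot: The kernel-doc block above `struct socket_template` still reads `struct rt_template - template for routing expressions`, which looks carried over from the routing header; it should name the struct it documents, e.g. `* struct socket_template - template for socket expressions`. The commented-out `//#include <parser.h>` is dead text and should be removed or replaced by the includes this header really needs. As written, `enum byteorder` is used as a member type and `enum nft_socket_keys` as a parameter type with no definition visible in this file, so the header presumably compiles only when the includer has already pulled those definitions in. It would also help to document on `socket_expr_alloc` what `key` selects and who owns the returned `struct expr`.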