diff options
author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2018-10-23 17:06:22 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-23 17:46:47 +0200 |
commit | 03eafe098d5eead786cbbe6f79348f05819cd99e (patch) | |
tree | 852498d1288759dafa8773c04fc24e3f54d4512a /include | |
parent | d7ef1e206bd9b36607dddcf337fada11d743b61f (diff) |
osf: add ttl option support
Add support for ttl option in "osf" expression. Example:
table ip foo {
chain bar {
type filter hook input priority filter; policy accept;
osf ttl skip name "Linux"
}
}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/expression.h | 4 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 2 | ||||
-rw-r--r-- | include/osf.h | 2 |
3 files changed, 7 insertions, 1 deletions
diff --git a/include/expression.h b/include/expression.h index d6977c3a..f018c958 100644 --- a/include/expression.h +++ b/include/expression.h @@ -345,6 +345,10 @@ struct expr { uint8_t direction; uint8_t spnum; } xfrm; + struct { + /* EXPR_OSF */ + uint8_t ttl; + } osf; }; }; diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 4e285988..1d13ad37 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -939,10 +939,12 @@ enum nft_socket_keys { * enum nft_osf_attributes - nf_tables osf expression netlink attributes * * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers) + * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8) */ enum nft_osf_attributes { NFTA_OSF_UNSPEC, NFTA_OSF_DREG, + NFTA_OSF_TTL, __NFTA_OSF_MAX }; #define NFT_OSF_MAX (__NFTA_OSF_MAX - 1) diff --git a/include/osf.h b/include/osf.h index 54cdd4af..23ea34d3 100644 --- a/include/osf.h +++ b/include/osf.h @@ -1,7 +1,7 @@ #ifndef NFTABLES_OSF_H #define NFTABLES_OSF_H -struct expr *osf_expr_alloc(const struct location *loc); +struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl); extern int nfnl_osf_load_fingerprints(struct netlink_ctx *ctx, int del); |