author | Fernando Fernandez Mancera <ffmancera@riseup.net> | 2019-09-13 01:07:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-09-13 13:34:53 +0200 |
commit | f44ab88b1088eeee8a1a9e1a63db4978932f257f (patch) | |
tree | fc293e4fc3ea752801dc9a9c6169d626e59c9677 /src/evaluate.c | |
parent | 80ac631e0eae75f47962aa73d74d2d9c0a0ddaaa (diff) |
src: add synproxy stateful object support
Add support for "synproxy" stateful object. For example (for TCP port 80 and
using maps with saddr):
table ip foo {
synproxy https-synproxy {
mss 1460
wscale 7
timestamp sack-perm
}
synproxy other-synproxy {
mss 1460
wscale 5
}
chain bar {
tcp dport 80 synproxy name "https-synproxy"
synproxy name ip saddr map { 192.168.1.0/24 : "https-synproxy", 192.168.2.0/24 : "other-synproxy" }
}
}
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 29fe9660..a56cd2a5 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3743,6 +3743,7 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 case CMD_OBJ_CT_TIMEOUT:
 case CMD_OBJ_SECMARK:
 case CMD_OBJ_CT_EXPECT:
+ case CMD_OBJ_SYNPROXY:
 return obj_evaluate(ctx, cmd->object);
 default:
 BUG("invalid command object type %u\n", cmd->obj);
@@ -3766,6 +3767,7 @@ static int cmd_evaluate_delete(struct eval_ctx *ctx, struct cmd *cmd)
 case CMD_OBJ_LIMIT:
 case CMD_OBJ_SECMARK:
 case CMD_OBJ_CT_EXPECT:
+ case CMD_OBJ_SYNPROXY:
 return 0;
 default:
 BUG("invalid command object type %u\n", cmd->obj);
@@ -3911,6 +3913,8 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 return cmd_evaluate_list_obj(ctx, cmd, NFT_OBJECT_SECMARK);
 case CMD_OBJ_CT_EXPECT:
 return cmd_evaluate_list_obj(ctx, cmd, NFT_OBJECT_CT_EXPECT);
+ case CMD_OBJ_SYNPROXY:
+ return cmd_evaluate_list_obj(ctx, cmd, NFT_OBJECT_SYNPROXY);
 case CMD_OBJ_COUNTERS:
 case CMD_OBJ_QUOTAS:
 case CMD_OBJ_CT_HELPERS:
@@ -3918,6 +3922,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 case CMD_OBJ_SETS:
 case CMD_OBJ_FLOWTABLES:
 case CMD_OBJ_SECMARKS:
+ case CMD_OBJ_SYNPROXYS:
 if (cmd->handle.table.name == NULL)
 return 0;
 if (table_lookup(&cmd->handle, &ctx->nft->cache) == NULL) |
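Review bot: The new `case CMD_OBJ_SYNPROXY:` in cmd_evaluate_add falls through to the shared `obj_evaluate()` call, and the diffstat for this file lists only the five added case labels, so no synproxy-specific check is added to the evaluator here. The mss and wscale values come from the user's ruleset, and TCP caps the window-scale shift at 14; if the parser does not already bound them (not visible on this page), the evaluation step is the natural place to reject out-of-range values with an error rather than hand them to the kernel. If they are bounded elsewhere, a comment on the label such as `/* synproxy mss/wscale are range-checked in the parser */` would record that. cmd_evaluate_add starts and ends outside the hunk.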
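Review bot: The `default: BUG("invalid command object type %u\n", cmd->obj);` arm after the new label in cmd_evaluate_delete (and the identical arm in the cmd_evaluate_add hunk) presumably aborts the process for any object type the switch does not list, instead of returning a user-facing error. This commit adds the synproxy constants to the add, delete and list switches only, so any other switch over `cmd->obj` in this file that a synproxy command can reach would likely hit that arm and is worth checking. A comment above the default arm, e.g. `/* unreachable: every CMD_OBJ_* the parser accepts for this command must be listed above */`, would make the invariant explicit. The switch and the function body continue outside the hunk.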