src: Expose socket mark via socket expression

This can be used like ct mark or meta mark except it cannot be set. doc and tests are included. Signed-off-by: Máté Eckl <ecklm94@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Máté Eckl <ecklm94@gmail.com> 2018-08-01 20:09:22 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-08-03 12:25:59 +0200
commit: 9ea0401e385e1dd3f1579a4e772aa876a5e21288 (patch)
tree: 44c88a4960fda27226bdd11b938d1a3871af1588 /src/evaluate.c
parent: 029d9b3c16ae2354b6397c325a8dc389c67d970b (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index da95cdf9..b793c125 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1715,8 +1715,12 @@ static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp)
 
 static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
 {
+	int maxval = 0;
+
+	if((*expr)->socket.key == NFT_SOCKET_TRANSPARENT)
+		maxval = 1;
 	__expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
-			   (*expr)->len, 1);
+			   (*expr)->len, maxval);
 	return 0;
 }
author	Máté Eckl <ecklm94@gmail.com>	2018-08-01 20:09:22 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-08-03 12:25:59 +0200
commit	9ea0401e385e1dd3f1579a4e772aa876a5e21288 (patch)
tree	44c88a4960fda27226bdd11b938d1a3871af1588 /src/evaluate.c
parent	029d9b3c16ae2354b6397c325a8dc389c67d970b (diff)