src: Introduce socket matching

For now it can only match sockets with IP(V6)_TRANSPARENT socket option set. Example: table inet sockin { chain sockchain { type filter hook prerouting priority -150; policy accept; socket transparent 1 mark set 0x00000001 nftrace set 1 counter packets 9 bytes 504 accept } } Signed-off-by: Máté Eckl <ecklm94@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Máté Eckl <ecklm94@gmail.com> 2018-05-31 20:06:16 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-06-06 19:43:00 +0200
commit: a02f8c3f6456e9a84a6c3117f2539376b152ba1f (patch)
tree: 80182a1faab00aa8ff43891da49ac0a62dacd136 /src/scanner.l
parent: 30d45266bf38b209df33e4df1a116c60531ae3e5 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/scanner.l b/src/scanner.l
index 6a861cf2..416bd27a 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -258,6 +258,9 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "ruleset"		{ return RULESET; }
 "trace"			{ return TRACE; }
 
+"socket"		{ return SOCKET; }
+"transparent"		{ return TRANSPARENT;}
+
 "accept"		{ return ACCEPT; }
 "drop"			{ return DROP; }
 "continue"		{ return CONTINUE; }
author	Máté Eckl <ecklm94@gmail.com>	2018-05-31 20:06:16 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-06-06 19:43:00 +0200
commit	a02f8c3f6456e9a84a6c3117f2539376b152ba1f (patch)
tree	80182a1faab00aa8ff43891da49ac0a62dacd136 /src/scanner.l
parent	30d45266bf38b209df33e4df1a116c60531ae3e5 (diff)