author | Máté Eckl <ecklm94@gmail.com> | 2018-08-01 20:09:22 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-08-03 12:25:59 +0200 |
commit | 9ea0401e385e1dd3f1579a4e772aa876a5e21288 (patch) | |
tree | 44c88a4960fda27226bdd11b938d1a3871af1588 /src | |
parent | 029d9b3c16ae2354b6397c325a8dc389c67d970b (diff) |
src: Expose socket mark via socket expression
This can be used like ct mark or meta mark except it cannot be set. doc
and tests are included.
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 6 | ||||
-rw-r--r-- | src/parser_bison.y | 4 | ||||
-rw-r--r-- | src/parser_json.c | 2 | ||||
-rw-r--r-- | src/socket.c | 17 |
4 files changed, 22 insertions, 7 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index da95cdf9..b793c125 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1715,8 +1715,12 @@ static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp)
 static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
 {
+ int maxval = 0;
+
+ if((*expr)->socket.key == NFT_SOCKET_TRANSPARENT)
+ maxval = 1;
 __expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
- (*expr)->len, 1);
+ (*expr)->len, maxval);
 return 0;
 }
diff --git a/src/parser_bison.y b/src/parser_bison.y
index fe3c10ba..827b0580 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2531,6 +2531,7 @@ primary_stmt_expr : symbol_expr { $$ = $1; }
 | hash_expr { $$ = $1; }
 | payload_expr { $$ = $1; }
 | keyword_expr { $$ = $1; }
+ | socket_expr { $$ = $1; }
 ;
 shift_stmt_expr : primary_stmt_expr
@@ -3618,7 +3619,8 @@ socket_expr : SOCKET socket_key
 }
 ;
-socket_key : TRANSPARENT { $$ = NFT_SOCKET_TRANSPARENT; }
+socket_key : TRANSPARENT { $$ = NFT_SOCKET_TRANSPARENT; }
+ | MARK { $$ = NFT_SOCKET_MARK; }
 ;
 offset_opt : /* empty */ { $$ = 0; }
diff --git a/src/parser_json.c b/src/parser_json.c
index 8f29aaf7..80364d97 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -358,6 +358,8 @@ static struct expr *json_parse_socket_expr(struct json_ctx *ctx,
 if (!strcmp(key, "transparent"))
 keyval = NFT_SOCKET_TRANSPARENT;
+ else if (!strcmp(key, "mark"))
+ keyval = NFT_SOCKET_MARK;
 if (keyval == -1) {
 json_error(ctx, "Invalid socket key value.");
diff --git a/src/socket.c b/src/socket.c
index 7cfe5a9d..d90b0416 100644
--- a/src/socket.c
+++ b/src/socket.c
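Review bot: In expr_evaluate_socket (src/evaluate.c), the `maxval = 0` default applies to every key other than NFT_SOCKET_TRANSPARENT, so a key added later silently gets whatever range handling 0 implies. What 0 means to `__expr_set_context` is not visible in this hunk; presumably it disables the upper-bound check. A comment above the declaration, e.g. `/* 0: no range limit (mark); only the boolean transparent key is capped at 1 */`, or a `switch` on `(*expr)->socket.key` with one case per key, would make that choice explicit. The new `if((*expr)->socket.key == ...)` also lacks the space after `if` that the rest of the patch uses (`if (!strcmp(...))`).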
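Review bot: In json_parse_socket_expr (src/parser_json.c), the added `else if (!strcmp(key, "mark"))` branch repeats a token string that this same commit already stores as `.token = "mark"` in `socket_templates[]` in src/socket.c. Each new socket key now has to be added in both places, and a missed branch here would make the JSON parser reject a key that the bison grammar accepts. Resolving `key` by comparing it against the `.token` fields of `socket_templates[]` would keep the two in step. The function's signature and the start of its body are outside the hunk, so whether that table and its bounds are reachable from this file should be checked first.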
@@ -14,11 +14,18 @@
 #include <json.h>
 const struct socket_template socket_templates[] = {
- [NFT_SOCKET_TRANSPARENT] = {.token = "transparent",
- .dtype = &integer_type,
- .len = BITS_PER_BYTE,
- .byteorder = BYTEORDER_HOST_ENDIAN,
- }
+ [NFT_SOCKET_TRANSPARENT] = {
+ .token = "transparent",
+ .dtype = &integer_type,
+ .len = BITS_PER_BYTE,
+ .byteorder = BYTEORDER_HOST_ENDIAN,
+ },
+ [NFT_SOCKET_MARK] = {
+ .token = "mark",
+ .dtype = &mark_type,
+ .len = 4 * BITS_PER_BYTE,
+ .byteorder = BYTEORDER_HOST_ENDIAN,
+ },
 };
 static void socket_expr_print(const struct expr *expr, struct output_ctx *octx) |