summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/evaluate.c6
-rw-r--r--src/parser_bison.y4
-rw-r--r--src/parser_json.c2
-rw-r--r--src/socket.c17
4 files changed, 22 insertions, 7 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index da95cdf9..b793c125 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1715,8 +1715,12 @@ static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp)
static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
{
+ int maxval = 0;
+
+ if((*expr)->socket.key == NFT_SOCKET_TRANSPARENT)
+ maxval = 1;
__expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
- (*expr)->len, 1);
+ (*expr)->len, maxval);
return 0;
}
diff --git a/src/parser_bison.y b/src/parser_bison.y
index fe3c10ba..827b0580 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2531,6 +2531,7 @@ primary_stmt_expr : symbol_expr { $$ = $1; }
| hash_expr { $$ = $1; }
| payload_expr { $$ = $1; }
| keyword_expr { $$ = $1; }
+ | socket_expr { $$ = $1; }
;
shift_stmt_expr : primary_stmt_expr
@@ -3618,7 +3619,8 @@ socket_expr : SOCKET socket_key
}
;
-socket_key : TRANSPARENT { $$ = NFT_SOCKET_TRANSPARENT; }
+socket_key : TRANSPARENT { $$ = NFT_SOCKET_TRANSPARENT; }
+ | MARK { $$ = NFT_SOCKET_MARK; }
;
offset_opt : /* empty */ { $$ = 0; }
diff --git a/src/parser_json.c b/src/parser_json.c
index 8f29aaf7..80364d97 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -358,6 +358,8 @@ static struct expr *json_parse_socket_expr(struct json_ctx *ctx,
if (!strcmp(key, "transparent"))
keyval = NFT_SOCKET_TRANSPARENT;
+ else if (!strcmp(key, "mark"))
+ keyval = NFT_SOCKET_MARK;
if (keyval == -1) {
json_error(ctx, "Invalid socket key value.");
diff --git a/src/socket.c b/src/socket.c
index 7cfe5a9d..d90b0416 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -14,11 +14,18 @@
#include <json.h>
const struct socket_template socket_templates[] = {
- [NFT_SOCKET_TRANSPARENT] = {.token = "transparent",
- .dtype = &integer_type,
- .len = BITS_PER_BYTE,
- .byteorder = BYTEORDER_HOST_ENDIAN,
- }
+ [NFT_SOCKET_TRANSPARENT] = {
+ .token = "transparent",
+ .dtype = &integer_type,
+ .len = BITS_PER_BYTE,
+ .byteorder = BYTEORDER_HOST_ENDIAN,
+ },
+ [NFT_SOCKET_MARK] = {
+ .token = "mark",
+ .dtype = &mark_type,
+ .len = 4 * BITS_PER_BYTE,
+ .byteorder = BYTEORDER_HOST_ENDIAN,
+ },
};
static void socket_expr_print(const struct expr *expr, struct output_ctx *octx)