From a02f8c3f6456e9a84a6c3117f2539376b152ba1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1t=C3=A9=20Eckl?=
Date: Thu, 31 May 2018 20:06:16 +0200
Subject: src: Introduce socket matching
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For now it can only match sockets with IP(V6)_TRANSPARENT socket option set. Example: table inet sockin { chain sockchain { type filter hook prerouting priority -150; policy accept; socket transparent 1 mark set 0x00000001 nftrace set 1 counter packets 9 bytes 504 accept } }
Signed-off-by: Máté Eckl
Signed-off-by: Pablo Neira Ayuso
---
 include/expression.h | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'include/expression.h')
diff --git a/include/expression.h b/include/expression.h
index 15af35e8..2bb51e53 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -24,6 +24,7 @@
 * @EXPR_PAYLOAD: payload expression
 * @EXPR_EXTHDR: exthdr expression
 * @EXPR_META: meta expression
+ * @EXPR_SOCKET: socket expression
 * @EXPR_CT: conntrack expression
 * @EXPR_CONCAT: concatenation
 * @EXPR_LIST: list of expressions
@@ -50,6 +51,7 @@ enum expr_types {
 EXPR_PAYLOAD,
 EXPR_EXTHDR,
 EXPR_META,
+ EXPR_SOCKET,
 EXPR_CT,
 EXPR_CONCAT,
 EXPR_LIST,
@@ -188,6 +190,7 @@ enum expr_flags {
 #include
 #include
 #include
+#include
 /**
 * struct expr
@@ -296,6 +299,10 @@ struct expr {
 enum nft_meta_keys key;
 enum proto_bases base;
 } meta;
+ struct {
+ /* SOCKET */
+ enum nft_socket_keys key;
+ } socket;
 struct {
 /* EXPR_RT */
 enum nft_rt_keys key;
-- 
cgit v1.2.3
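Review bot: In the `enum expr_types` hunk (`@@ -50,6 +51,7 @@`), `EXPR_SOCKET` is inserted between `EXPR_META` and `EXPR_CT`, which renumbers `EXPR_CT` and every constant after it. Any table indexed by `enum expr_types`, and any place where the numeric value is stored or printed and read back, must be updated in the same commit. No such user is visible in this header, so this is a check to make rather than a confirmed defect. Adding `EXPR_SOCKET,` after the last existing type would keep the existing values stable. The enum body starts and ends outside the hunk.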
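Review bot: In the `struct expr` hunk (`@@ -296,6 +299,10 @@`), the new member is labelled `/* SOCKET */` while the neighbouring member uses the enum constant name (`/* EXPR_RT */`). I would write `/* EXPR_SOCKET */` so that a search for the expression type also finds its payload. Separately, `key` is declared as `enum nft_socket_keys`, but C does not range-check enum values. Code elsewhere in this commit that fills `socket.key` from parsed or netlink-supplied data and then uses it as an array index should validate it against the table size first; that code is not visible on this page. The struct continues outside the hunk.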