From 03eafe098d5eead786cbbe6f79348f05819cd99e Mon Sep 17 00:00:00 2001
From: Fernando Fernandez Mancera
Date: Tue, 23 Oct 2018 17:06:22 +0200
Subject: osf: add ttl option support
Add support for ttl option in "osf" expression. Example: table ip foo { chain bar { type filter hook input priority filter; policy accept; osf ttl skip name "Linux" } }
Signed-off-by: Fernando Fernandez Mancera
Signed-off-by: Pablo Neira Ayuso
---
 include/expression.h | 4 ++++
 include/linux/netfilter/nf_tables.h | 2 ++
 include/osf.h | 2 +-
 3 files changed, 7 insertions(+), 1 deletion(-)
(limited to 'include')
diff --git a/include/expression.h b/include/expression.h
index d6977c3a..f018c958 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -345,6 +345,10 @@ struct expr {
 uint8_t direction;
 uint8_t spnum;
 } xfrm;
+ struct {
+ /* EXPR_OSF */
+ uint8_t ttl;
+ } osf;
 };
 };
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 4e285988..1d13ad37 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -939,10 +939,12 @@ enum nft_socket_keys {
 * enum nft_osf_attributes - nf_tables osf expression netlink attributes
 *
 * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers)
+ * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8)
 */
 enum nft_osf_attributes {
 NFTA_OSF_UNSPEC,
 NFTA_OSF_DREG,
+ NFTA_OSF_TTL,
 __NFTA_OSF_MAX
 };
 #define NFT_OSF_MAX (__NFTA_OSF_MAX - 1)
diff --git a/include/osf.h b/include/osf.h
index 54cdd4af..23ea34d3 100644
--- a/include/osf.h
+++ b/include/osf.h
@@ -1,7 +1,7 @@
 #ifndef NFTABLES_OSF_H
 #define NFTABLES_OSF_H
-struct expr *osf_expr_alloc(const struct location *loc);
+struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl);
 extern int nfnl_osf_load_fingerprints(struct netlink_ctx *ctx, int del);
-- 
cgit v1.2.3
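Review bot: The new `ttl` member of the `osf` struct in include/expression.h is a bare `uint8_t` with nothing stating which values it may hold. The commit message example (`osf ttl skip`) suggests it selects a TTL-comparison mode rather than carrying a TTL number, but the `/* EXPR_OSF */` comment does not say so. I would extend it to something like `/* EXPR_OSF: TTL match mode sent as NFTA_OSF_TTL, not a TTL value */` and note where out-of-range values are rejected, because an unintended mode presumably changes how strictly the fingerprint is matched. The enclosing `struct expr` starts outside the hunk, so the rest of the union is not visible here.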
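Review bot: In include/osf.h the added parameter is declared `const uint8_t ttl`, but it is passed by value, so the `const` means nothing to callers and only adds noise to the prototype; `struct expr *osf_expr_alloc(const struct location *loc, uint8_t ttl);` is equivalent. The header now depends on `uint8_t` while no `<stdint.h>` include is visible in the hunk, so it presumably relies on whatever the including file pulled in first; confirm that or add the include. A one-line comment above the prototype stating the accepted `ttl` values would also help, since this view is limited to `include/` and shows neither the definition nor any range check.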