diff options
| author | Florian Westphal <fw@strlen.de> | 2021-12-20 12:30:18 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2022-02-28 22:44:51 +0100 |
| commit | 5d837d270d5a8b3a4d3fdca12d0f0800b8287cdd (patch) | |
| tree | f6142e001404eaca518ef39eec73b7d1372dd82b /include | |
| parent | 1d507ce7f1d3c12481ee24bd1dcac2fc1984ee9f (diff) | |
src: add tcp option reset support
This allows to replace a tcp option with nops, similar
to the TCPOPTSTRIP feature of iptables.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'include')
| -rw-r--r-- | include/json.h | 2 | ||||
| -rw-r--r-- | include/statement.h | 9 |
2 files changed, 11 insertions, 0 deletions
diff --git a/include/json.h b/include/json.h index a753f359..b0d78eb8 100644 --- a/include/json.h +++ b/include/json.h @@ -91,6 +91,7 @@ json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx); json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx); json_t *tproxy_stmt_json(const struct stmt *stmt, struct output_ctx *octx); json_t *synproxy_stmt_json(const struct stmt *stmt, struct output_ctx *octx); +json_t *optstrip_stmt_json(const struct stmt *stmt, struct output_ctx *octx); int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd); @@ -192,6 +193,7 @@ STMT_PRINT_STUB(verdict) STMT_PRINT_STUB(connlimit) STMT_PRINT_STUB(tproxy) STMT_PRINT_STUB(synproxy) +STMT_PRINT_STUB(optstrip) #undef STMT_PRINT_STUB #undef EXPR_PRINT_STUB diff --git a/include/statement.h b/include/statement.h index 06221040..2a2d3001 100644 --- a/include/statement.h +++ b/include/statement.h @@ -145,6 +145,12 @@ struct nat_stmt { extern struct stmt *nat_stmt_alloc(const struct location *loc, enum nft_nat_etypes type); +struct optstrip_stmt { + struct expr *expr; +}; + +extern struct stmt *optstrip_stmt_alloc(const struct location *loc, struct expr *e); + struct tproxy_stmt { struct expr *addr; struct expr *port; @@ -297,6 +303,7 @@ extern struct stmt *xt_stmt_alloc(const struct location *loc); * @STMT_MAP: map statement * @STMT_SYNPROXY: synproxy statement * @STMT_CHAIN: chain statement + * @STMT_OPTSTRIP: optstrip statement */ enum stmt_types { STMT_INVALID, @@ -326,6 +333,7 @@ enum stmt_types { STMT_MAP, STMT_SYNPROXY, STMT_CHAIN, + STMT_OPTSTRIP, }; /** @@ -380,6 +388,7 @@ struct stmt { struct reject_stmt reject; struct nat_stmt nat; struct tproxy_stmt tproxy; + struct optstrip_stmt optstrip; struct queue_stmt queue; struct quota_stmt quota; struct ct_stmt ct; |