diff options
| author | Máté Eckl <ecklm94@gmail.com> | 2018-05-31 20:06:16 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 19:43:00 +0200 |
| commit | a02f8c3f6456e9a84a6c3117f2539376b152ba1f (patch) | |
| tree | 80182a1faab00aa8ff43891da49ac0a62dacd136 /src/parser_bison.y | |
| parent | 30d45266bf38b209df33e4df1a116c60531ae3e5 (diff) | |
src: Introduce socket matching
For now it can only match sockets with IP(V6)_TRANSPARENT socket option
set. Example:
table inet sockin {
chain sockchain {
type filter hook prerouting priority -150; policy accept;
socket transparent 1 mark set 0x00000001 nftrace set 1 counter packets 9 bytes 504 accept
}
}
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/parser_bison.y')
| -rw-r--r-- | src/parser_bison.y | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index c6491a3b..33915ed8 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -189,6 +189,9 @@ int nft_lex(void *, void *, void *); %token FIB "fib" +%token SOCKET "socket" +%token TRANSPARENT "transparent" + %token HOOK "hook" %token DEVICE "device" %token DEVICES "devices" @@ -692,6 +695,10 @@ int nft_lex(void *, void *, void *); %destructor { expr_free($$); } meta_expr %type <val> meta_key meta_key_qualified meta_key_unqualified numgen_type +%type <expr> socket_expr +%destructor { expr_free($$); } socket_expr +%type<val> socket_key + %type <val> nf_key_proto %type <expr> rt_expr @@ -2892,6 +2899,7 @@ primary_expr : symbol_expr { $$ = $1; } | exthdr_expr { $$ = $1; } | exthdr_exists_expr { $$ = $1; } | meta_expr { $$ = $1; } + | socket_expr { $$ = $1; } | rt_expr { $$ = $1; } | ct_expr { $$ = $1; } | numgen_expr { $$ = $1; } @@ -3558,6 +3566,15 @@ meta_stmt : META meta_key SET stmt_expr } ; +socket_expr : SOCKET socket_key + { + $$ = socket_expr_alloc(&@$, $2); + } + ; + +socket_key : TRANSPARENT { $$ = NFT_SOCKET_TRANSPARENT; } + ; + offset_opt : /* empty */ { $$ = 0; } | OFFSET NUM { $$ = $2; } ; |