diff options
author | Máté Eckl <ecklm94@gmail.com> | 2018-05-31 20:06:16 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-06-06 19:43:00 +0200 |
commit | a02f8c3f6456e9a84a6c3117f2539376b152ba1f (patch) | |
tree | 80182a1faab00aa8ff43891da49ac0a62dacd136 /src/socket.c | |
parent | 30d45266bf38b209df33e4df1a116c60531ae3e5 (diff) |
src: Introduce socket matching
For now it can only match sockets with IP(V6)_TRANSPARENT socket option
set. Example:
table inet sockin {
chain sockchain {
type filter hook prerouting priority -150; policy accept;
socket transparent 1 mark set 0x00000001 nftrace set 1 counter packets 9 bytes 504 accept
}
}
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/socket.c')
-rw-r--r-- | src/socket.c | 56 |
1 files changed, 56 insertions, 0 deletions
diff --git a/src/socket.c b/src/socket.c new file mode 100644 index 00000000..d5f401f0 --- /dev/null +++ b/src/socket.c @@ -0,0 +1,56 @@ +/* + * Socket expression/statement related definition and types. + * + * Copyright (c) 2018 Máté Eckl <ecklm94@gmail.com> + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +#include <nftables.h> +#include <expression.h> +#include <socket.h> + +const struct socket_template socket_templates[] = { + [NFT_SOCKET_TRANSPARENT] = {.token = "transparent", + .dtype = &integer_type, + .len = BITS_PER_BYTE, + .byteorder = BYTEORDER_HOST_ENDIAN, + } +}; + +static void socket_expr_print(const struct expr *expr, struct output_ctx *octx) +{ + nft_print(octx, "socket %s", socket_templates[expr->socket.key].token); +} + +static bool socket_expr_cmp(const struct expr *e1, const struct expr *e2) +{ + return e1->socket.key == e2->socket.key; +} + +static void socket_expr_clone(struct expr *new, const struct expr *expr) +{ + new->socket.key = expr->socket.key; +} + +static const struct expr_ops socket_expr_ops = { + .type = EXPR_SOCKET, + .name = "socket", + .print = socket_expr_print, + .cmp = socket_expr_cmp, + .clone = socket_expr_clone, +}; + +struct expr *socket_expr_alloc(const struct location *loc, enum nft_socket_keys key) +{ + const struct socket_template *tmpl = &socket_templates[key]; + struct expr *expr; + + expr = expr_alloc(loc, &socket_expr_ops, tmpl->dtype, + tmpl->byteorder, tmpl->len); + expr->socket.key = key; + + return expr; +} |