Diffstat (limited to 'include')
-rw-r--r-- | include/expression.h | 7 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 28 | ||||
-rw-r--r-- | include/socket.h | 24 |
3 files changed, 59 insertions, 0 deletions
diff --git a/include/expression.h b/include/expression.h
index 15af35e8..2bb51e53 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -24,6 +24,7 @@
 * @EXPR_PAYLOAD: payload expression
 * @EXPR_EXTHDR: exthdr expression
 * @EXPR_META: meta expression
+ * @EXPR_SOCKET: socket expression
 * @EXPR_CT: conntrack expression
 * @EXPR_CONCAT: concatenation
 * @EXPR_LIST: list of expressions
@@ -50,6 +51,7 @@ enum expr_types {
 EXPR_PAYLOAD,
 EXPR_EXTHDR,
 EXPR_META,
+ EXPR_SOCKET,
 EXPR_CT,
 EXPR_CONCAT,
 EXPR_LIST,
@@ -188,6 +190,7 @@ enum expr_flags {
 #include <rt.h>
 #include <hash.h>
 #include <ct.h>
+#include <socket.h>
 
 /**
 * struct expr
@@ -297,6 +300,10 @@ struct expr {
 enum proto_bases base;
 } meta;
 struct {
+ /* SOCKET */
+ enum nft_socket_keys key;
+ } socket;
+ struct {
 /* EXPR_RT */
 enum nft_rt_keys key;
 } rt;
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index f46239ec..88e0ca1c 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -905,6 +905,34 @@ enum nft_rt_attributes {
 #define NFTA_RT_MAX (__NFTA_RT_MAX - 1)
 
 /**
+ * enum nft_socket_attributes - nf_tables socket expression netlink attributes
+ *
+ * @NFTA_SOCKET_KEY: socket key to match
+ * @NFTA_SOCKET_DREG: destination register
+ */
+enum nft_socket_attributes {
+ NFTA_SOCKET_UNSPEC,
+
+ NFTA_SOCKET_KEY,
+ NFTA_SOCKET_DREG,
+
+ __NFTA_SOCKET_MAX
+};
+#define NFTA_SOCKET_MAX (__NFTA_SOCKET_MAX - 1)
+
+/*
+ * enum nft_socket_keys - nf_tables socket expression keys
+ *
+ * @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option_
+ */
+enum nft_socket_keys {
+ NFT_SOCKET_TRANSPARENT,
+
+ __NFT_SOCKET_MAX
+};
+#define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1)
+
+/**
 * enum nft_ct_keys - nf_tables ct expression keys
 *
 * @NFT_CT_STATE: conntrack state (bitmask of enum ip_conntrack_info)
diff --git a/include/socket.h b/include/socket.h
new file mode 100644
index 00000000..a2ae9f10
--- /dev/null
+++ b/include/socket.h
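Review bot: In the `struct expr` hunk (-297) of include/expression.h the new union member is tagged `/* SOCKET */`, while the neighbouring members use the enum constant (`/* EXPR_RT */`); `/* EXPR_SOCKET */` would keep the tags consistent and greppable. struct expr starts and ends outside that hunk. Separately, the -50 hunk inserts `EXPR_SOCKET` between `EXPR_META` and `EXPR_CT`, which renumbers every later `expr_types` value; that is only safe if no table or stored value depends on the numeric order, which the lines shown here cannot confirm.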
@@ -0,0 +1,24 @@
+#ifndef NFTABLES_SOCKET_H
+#define NFTABLES_SOCKET_H
+
+//#include <parser.h>
+
+/**
+ * struct rt_template - template for routing expressions
+ *
+ * @token: parser token for the expression
+ * @dtype: data type of the expression
+ * @len: length of the expression
+ * @byteorder: byteorder
+ */
+struct socket_template {
+ const char *token;
+ const struct datatype *dtype;
+ unsigned int len;
+ enum byteorder byteorder;
+};
+
+extern struct expr *socket_expr_alloc(const struct location *loc,
+ enum nft_socket_keys key);
+
+#endif /* NFTABLES_SOCKET_H */ |
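Review bot: The kernel-doc block above `struct socket_template` still carries the name and summary of the header it was copied from; it should read `* struct socket_template - template for socket expressions`. The commented-out `//#include <parser.h>` should be dropped, and because the header uses `struct datatype`, `enum byteorder`, `struct location` and `enum nft_socket_keys` without declaring or including them, it only compiles when pulled in after those definitions, which is worth a one-line comment or the proper includes. `socket_expr_alloc()` is undocumented; its comment should state whether `key` must be at most `NFT_SOCKET_MAX`. The implementation is outside this diffstat (limited to 'include'), so confirm that a key decoded from a netlink message is range-checked before it is used to look up a template.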