From 5d837d270d5a8b3a4d3fdca12d0f0800b8287cdd Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Mon, 20 Dec 2021 12:30:18 +0100
Subject: src: add tcp option reset support

This allows to replace a tcp option with nops, similar to the TCPOPTSTRIP feature of iptables.

Signed-off-by: Florian Westphal
---
 include/json.h | 2 ++
 include/statement.h | 9 +++++++++
 2 files changed, 11 insertions(+)
(limited to 'include')
diff --git a/include/json.h b/include/json.h
index a753f359..b0d78eb8 100644
--- a/include/json.h
+++ b/include/json.h
@@ -91,6 +91,7 @@ json_t *verdict_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *connlimit_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *tproxy_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 json_t *synproxy_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
+json_t *optstrip_stmt_json(const struct stmt *stmt, struct output_ctx *octx);
 int do_command_list_json(struct netlink_ctx *ctx, struct cmd *cmd);
@@ -192,6 +193,7 @@ STMT_PRINT_STUB(verdict)
 STMT_PRINT_STUB(connlimit)
 STMT_PRINT_STUB(tproxy)
 STMT_PRINT_STUB(synproxy)
+STMT_PRINT_STUB(optstrip)
 #undef STMT_PRINT_STUB
 #undef EXPR_PRINT_STUB
diff --git a/include/statement.h b/include/statement.h
index 06221040..2a2d3001 100644
--- a/include/statement.h
+++ b/include/statement.h
@@ -145,6 +145,12 @@ struct nat_stmt {
 extern struct stmt *nat_stmt_alloc(const struct location *loc, enum nft_nat_etypes type);
+struct optstrip_stmt {
+ struct expr *expr;
+};
+
+extern struct stmt *optstrip_stmt_alloc(const struct location *loc, struct expr *e);
+
 struct tproxy_stmt {
  struct expr *addr;
  struct expr *port;
@@ -297,6 +303,7 @@ extern struct stmt *xt_stmt_alloc(const struct location *loc);
  * @STMT_MAP: map statement
  * @STMT_SYNPROXY: synproxy statement
  * @STMT_CHAIN: chain statement
+ * @STMT_OPTSTRIP: optstrip statement
  */
 enum stmt_types {
  STMT_INVALID,
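Review bot: `struct optstrip_stmt` in include/statement.h is added without any comment on what `expr` may hold or who releases it. The commit message says the statement replaces a tcp option with nops, but the field is a plain `struct expr *`, so the header does not tell a reader that only a tcp option expression is valid or where that is checked; the check is presumably in the evaluation code, which is outside this view (the page is limited to include/). Because the statement rewrites packet contents, I would state the contract at the declaration, e.g. `/* @expr: tcp option expression naming the option to overwrite with NOPs; anything else must be rejected at evaluation */`, and say on `optstrip_stmt_alloc()` whether the statement takes ownership of `e`. Naming that parameter `expr` rather than `e` would also match the field it presumably initialises.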
@@ -326,6 +333,7 @@ enum stmt_types {
  STMT_MAP,
  STMT_SYNPROXY,
  STMT_CHAIN,
+ STMT_OPTSTRIP,
 };
 /**
@@ -380,6 +388,7 @@ struct stmt {
  struct reject_stmt reject;
  struct nat_stmt nat;
  struct tproxy_stmt tproxy;
+ struct optstrip_stmt optstrip;
  struct queue_stmt queue;
  struct quota_stmt quota;
  struct ct_stmt ct;
--
cgit v1.2.3