From a02f8c3f6456e9a84a6c3117f2539376b152ba1f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?M=C3=A1t=C3=A9=20Eckl?= <ecklm94@gmail.com>
Date: Thu, 31 May 2018 20:06:16 +0200
Subject: src: Introduce socket matching
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

For now it can only match sockets with IP(V6)_TRANSPARENT socket option
set. Example:

 table inet sockin {
	chain sockchain {
		type filter hook prerouting priority -150; policy accept;
		socket transparent 1 mark set 0x00000001 nftrace set 1 counter packets 9 bytes 504 accept

	}
 }

Signed-off-by: Máté Eckl <ecklm94@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/scanner.l | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'src/scanner.l')

diff --git a/src/scanner.l b/src/scanner.l
index 6a861cf2..416bd27a 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -258,6 +258,9 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "ruleset"		{ return RULESET; }
 "trace"			{ return TRACE; }
 
+"socket"		{ return SOCKET; }
+"transparent"		{ return TRANSPARENT;}
+
 "accept"		{ return ACCEPT; }
 "drop"			{ return DROP; }
 "continue"		{ return CONTINUE; }
-- 
cgit v1.2.3