Loading include/uapi/linux/netfilter/nf_tables.h +3 −1 Original line number Diff line number Diff line Loading @@ -921,10 +921,12 @@ enum nft_socket_attributes { /* * enum nft_socket_keys - nf_tables socket expression keys * * @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option_ * @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option * @NFT_SOCKET_MARK: Value of the socket mark */ enum nft_socket_keys { NFT_SOCKET_TRANSPARENT, NFT_SOCKET_MARK, __NFT_SOCKET_MAX }; #define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1) Loading net/netfilter/nft_socket.c +11 −0 Original line number Diff line number Diff line Loading @@ -54,6 +54,14 @@ static void nft_socket_eval(const struct nft_expr *expr, case NFT_SOCKET_TRANSPARENT: nft_reg_store8(dest, inet_sk_transparent(sk)); break; case NFT_SOCKET_MARK: if (sk_fullsock(sk)) { *dest = sk->sk_mark; } else { regs->verdict.code = NFT_BREAK; return; } break; default: WARN_ON(1); regs->verdict.code = NFT_BREAK; Loading Loading @@ -91,6 +99,9 @@ static int nft_socket_init(const struct nft_ctx *ctx, case NFT_SOCKET_TRANSPARENT: len = sizeof(u8); break; case NFT_SOCKET_MARK: len = sizeof(u32); break; default: return -EOPNOTSUPP; } Loading Loading
include/uapi/linux/netfilter/nf_tables.h +3 −1 Original line number Diff line number Diff line Loading @@ -921,10 +921,12 @@ enum nft_socket_attributes { /* * enum nft_socket_keys - nf_tables socket expression keys * * @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option_ * @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option * @NFT_SOCKET_MARK: Value of the socket mark */ enum nft_socket_keys { NFT_SOCKET_TRANSPARENT, NFT_SOCKET_MARK, __NFT_SOCKET_MAX }; #define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1) Loading
net/netfilter/nft_socket.c +11 −0 Original line number Diff line number Diff line Loading @@ -54,6 +54,14 @@ static void nft_socket_eval(const struct nft_expr *expr, case NFT_SOCKET_TRANSPARENT: nft_reg_store8(dest, inet_sk_transparent(sk)); break; case NFT_SOCKET_MARK: if (sk_fullsock(sk)) { *dest = sk->sk_mark; } else { regs->verdict.code = NFT_BREAK; return; } break; default: WARN_ON(1); regs->verdict.code = NFT_BREAK; Loading Loading @@ -91,6 +99,9 @@ static int nft_socket_init(const struct nft_ctx *ctx, case NFT_SOCKET_TRANSPARENT: len = sizeof(u8); break; case NFT_SOCKET_MARK: len = sizeof(u32); break; default: return -EOPNOTSUPP; } Loading