netfilter: nft_socket: Expose socket mark (7d25f885) · Commits · e / devices / android_kernel_teracube_emerald

include/uapi/linux/netfilter/nf_tables.h

+3 −1

Original line number	Original line	Diff line number	Diff line
	@@ -921,10 +921,12 @@ enum nft_socket_attributes {
	/*		/*
	* enum nft_socket_keys - nf_tables socket expression keys		* enum nft_socket_keys - nf_tables socket expression keys
	*		*
	* @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option_		* @NFT_SOCKET_TRANSPARENT: Value of the IP(V6)_TRANSPARENT socket option
			* @NFT_SOCKET_MARK: Value of the socket mark
	*/		*/
	enum nft_socket_keys {		enum nft_socket_keys {
	NFT_SOCKET_TRANSPARENT,		NFT_SOCKET_TRANSPARENT,
			NFT_SOCKET_MARK,
	__NFT_SOCKET_MAX		__NFT_SOCKET_MAX
	};		};
	#define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1)		#define NFT_SOCKET_MAX (__NFT_SOCKET_MAX - 1)

+11 −0

Original line number	Original line	Diff line number	Diff line
	@@ -54,6 +54,14 @@ static void nft_socket_eval(const struct nft_expr *expr,
	case NFT_SOCKET_TRANSPARENT:		case NFT_SOCKET_TRANSPARENT:
	nft_reg_store8(dest, inet_sk_transparent(sk));		nft_reg_store8(dest, inet_sk_transparent(sk));
	break;		break;
			case NFT_SOCKET_MARK:
			if (sk_fullsock(sk)) {
			*dest = sk->sk_mark;
			} else {
			regs->verdict.code = NFT_BREAK;
			return;
			}
			break;
	default:		default:
	WARN_ON(1);		WARN_ON(1);
	regs->verdict.code = NFT_BREAK;		regs->verdict.code = NFT_BREAK;
	@@ -91,6 +99,9 @@ static int nft_socket_init(const struct nft_ctx *ctx,
	case NFT_SOCKET_TRANSPARENT:		case NFT_SOCKET_TRANSPARENT:
	len = sizeof(u8);		len = sizeof(u8);
	break;		break;
			case NFT_SOCKET_MARK:
			len = sizeof(u32);
			break;
	default:		default:
	return -EOPNOTSUPP;		return -EOPNOTSUPP;
	}		}