author | Harout Hedeshian <harouth@codeaurora.org> | 2015-07-29 10:27:36 +0000 |
---|---|---|
committer | Android Git Automerger <android-git-automerger@android.com> | 2015-07-29 10:27:36 +0000 |
commit | f77d297ee594603d921373b76af8ce2def2ba737 (patch) | |
tree | b201af9b3832b3667d384fc2145d4255d42537aa | |
parent | 3a14cda16301d90d8a4ca3240f75b25931bdb05b (diff) | |
parent | de2fa7133374831bcb5080a43e567e2e41f84ee7 (diff) | |
am de2fa713: extensions: libxt_socket: add --restore-skmark option
* commit 'de2fa7133374831bcb5080a43e567e2e41f84ee7':
extensions: libxt_socket: add --restore-skmark option
-rw-r--r-- | extensions/libxt_socket.c | 71 | ||||
-rw-r--r-- | include/linux/netfilter/xt_socket.h | 8 |
2 files changed, 79 insertions, 0 deletions
diff --git a/extensions/libxt_socket.c b/extensions/libxt_socket.c
index f19c2804..a99135cd 100644
--- a/extensions/libxt_socket.c
+++ b/extensions/libxt_socket.c
@@ -10,6 +10,7 @@
 enum {
 O_TRANSPARENT = 0,
 O_NOWILDCARD = 1,
+ O_RESTORESKMARK = 2,
 };
 static const struct xt_option_entry socket_mt_opts[] = {
@@ -23,6 +24,13 @@ static const struct xt_option_entry socket_mt_opts_v2[] = {
 XTOPT_TABLEEND,
 };
+static const struct xt_option_entry socket_mt_opts_v3[] = {
+ {.name = "transparent", .id = O_TRANSPARENT, .type = XTTYPE_NONE},
+ {.name = "nowildcard", .id = O_NOWILDCARD, .type = XTTYPE_NONE},
+ {.name = "restore-skmark", .id = O_RESTORESKMARK, .type = XTTYPE_NONE},
+ XTOPT_TABLEEND,
+};
+
 static void socket_mt_help(void)
 {
 printf(
@@ -38,6 +46,17 @@ static void socket_mt_help_v2(void)
 " --transparent Ignore non-transparent sockets\n\n");
 }
+static void socket_mt_help_v3(void)
+{
+ printf(
+ "socket match options:\n"
+ " --nowildcard Do not ignore LISTEN sockets bound on INADDR_ANY\n"
+ " --transparent Ignore non-transparent sockets\n"
+ " --restore-skmark Set the packet mark to the socket mark if\n"
+ " the socket matches and transparent / \n"
+ " nowildcard conditions are satisfied\n\n");
+}
+
 static void socket_mt_parse(struct xt_option_call *cb)
 {
 struct xt_socket_mtinfo1 *info = cb->data;
@@ -65,6 +84,24 @@ static void socket_mt_parse_v2(struct xt_option_call *cb)
 }
 }
+static void socket_mt_parse_v3(struct xt_option_call *cb)
+{
+ struct xt_socket_mtinfo2 *info = cb->data;
+
+ xtables_option_parse(cb);
+ switch (cb->entry->id) {
+ case O_TRANSPARENT:
+ info->flags |= XT_SOCKET_TRANSPARENT;
+ break;
+ case O_NOWILDCARD:
+ info->flags |= XT_SOCKET_NOWILDCARD;
+ break;
+ case O_RESTORESKMARK:
+ info->flags |= XT_SOCKET_RESTORESKMARK;
+ break;
+ }
+}
+
 static void
 socket_mt_save(const void *ip, const struct xt_entry_match *match)
 {
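Review bot: The `--restore-skmark` help text in socket_mt_help_v3 does not make it obvious that this option turns the match into something that writes to the packet. By its own description the packet mark is set to the socket mark on a match, so any later rule or routing policy keyed on the mark would presumably see that value rather than one set earlier in the ruleset. I would add a short comment above the function, e.g. `/* --restore-skmark has a side effect: a successful match overwrites the packet mark */`, so that anyone auditing mark-based rules knows to look for it. Separately, the line `" the socket matches and transparent / \n"` has a trailing space before the newline that ends up in the help output; `transparent /\n` would avoid it.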
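Review bot: socket_mt_parse_v3 writes the flags through `struct xt_socket_mtinfo2 *info`, while socket_mt_save_v3 in the later hunk reads the same blob as `struct xt_socket_mtinfo3`, and the revision 3 entry in socket_mt_reg sizes it with `sizeof(struct xt_socket_mtinfo2)`. The header hunk shows mtinfo3 as a single `__u8 flags`, but the body of mtinfo2 is not visible here, so the two are presumably layout-identical today and nothing breaks yet. The size reported for revision 3 should still come from the revision 3 struct, so that a later field added to either struct cannot silently desynchronise parse, save and the size the kernel side expects. I would use `struct xt_socket_mtinfo3 *info = cb->data;` here, and `.size = XT_ALIGN(sizeof(struct xt_socket_mtinfo3)),` with the matching `.userspacesize` in the registration hunk.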
@@ -101,6 +138,27 @@ socket_mt_print_v2(const void *ip, const struct xt_entry_match *match,
 socket_mt_save_v2(ip, match);
 }
+static void
+socket_mt_save_v3(const void *ip, const struct xt_entry_match *match)
+{
+ const struct xt_socket_mtinfo3 *info = (const void *)match->data;
+
+ if (info->flags & XT_SOCKET_TRANSPARENT)
+ printf(" --transparent");
+ if (info->flags & XT_SOCKET_NOWILDCARD)
+ printf(" --nowildcard");
+ if (info->flags & XT_SOCKET_RESTORESKMARK)
+ printf(" --restore-skmark");
+}
+
+static void
+socket_mt_print_v3(const void *ip, const struct xt_entry_match *match,
+ int numeric)
+{
+ printf(" socket");
+ socket_mt_save_v3(ip, match);
+}
+
 static struct xtables_match socket_mt_reg[] = {
 {
 .name = "socket",
@@ -136,6 +194,19 @@ static struct xtables_match socket_mt_reg[] = {
 .x6_parse = socket_mt_parse_v2,
 .x6_options = socket_mt_opts_v2,
 },
+ {
+ .name = "socket",
+ .revision = 3,
+ .family = NFPROTO_UNSPEC,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_socket_mtinfo2)),
+ .userspacesize = XT_ALIGN(sizeof(struct xt_socket_mtinfo2)),
+ .help = socket_mt_help_v3,
+ .print = socket_mt_print_v3,
+ .save = socket_mt_save_v3,
+ .x6_parse = socket_mt_parse_v3,
+ .x6_options = socket_mt_opts_v3,
+ },
 };
 void _init(void)
diff --git a/include/linux/netfilter/xt_socket.h b/include/linux/netfilter/xt_socket.h
index 6315e2ac..87644f83 100644
--- a/include/linux/netfilter/xt_socket.h
+++ b/include/linux/netfilter/xt_socket.h
@@ -6,6 +6,7 @@
 enum {
 XT_SOCKET_TRANSPARENT = 1 << 0,
 XT_SOCKET_NOWILDCARD = 1 << 1,
+ XT_SOCKET_RESTORESKMARK = 1 << 2,
 };
 struct xt_socket_mtinfo1 {
@@ -18,4 +19,11 @@ struct xt_socket_mtinfo2 {
 };
 #define XT_SOCKET_FLAGS_V2 (XT_SOCKET_TRANSPARENT | XT_SOCKET_NOWILDCARD)
+struct xt_socket_mtinfo3 {
+ __u8 flags;
+};
+#define XT_SOCKET_FLAGS_V3 (XT_SOCKET_TRANSPARENT \
+ | XT_SOCKET_NOWILDCARD \
+ | XT_SOCKET_RESTORESKMARK)
+
 #endif /* _XT_SOCKET_H */ |