Re: [RFC PATCH nft] WIP: Introducing socket matching

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



> > --- a/src/meta.c
> > +++ b/src/meta.c
> > @@ -439,6 +439,8 @@ static const struct meta_template meta_templates[]
= {
> >                                               BYTEORDER_BIG_ENDIAN), /*
avoid conversion; doesn't have endianess */
> >       [NFT_META_SECPATH]      = META_TEMPLATE("secpath", &boolean_type,
> >                                               BITS_PER_BYTE,
BYTEORDER_HOST_ENDIAN),
> > +     [NFT_META_SUBKEY_ISSET] = META_TEMPLATE("isset", &boolean_type,
> > +                                             1 ,
BYTEORDER_HOST_ENDIAN),

> The NFT_META_XXXXX define the elements that can be accessed, by the
> meta expression, such as skb->secpath or skb->mark.

> E.g. when user says 'meta mark 42' then meta expression is created with
> NFT_META_MARK key attribute, so kernel will know it has to fetch
> skb->mark.

> So, this would be something like

>   [NFT_META_SK]  = META_TEMPLATE("sk", &boolean_type,
>                                   BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN),


Is it going to be something like one of the following?

1)   if(skbuff->sk != NULL)
OR
2)  if(skbuff->sk->socket != NULL)

And when matching flags, I guess I should examine
`skbuff->sok->socket->ops`.

I am a bit confused about the different socket structures right now. Until
now I tought that `struct sock` stores the metadata of a packet.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux