netfilter: nft_socket: Expose socket mark

Signed-off-by: Máté Eckl <ecklm94@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Máté Eckl <ecklm94@gmail.com> 2018-07-12 17:48:06 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2018-07-18 11:26:52 +0200
commit: 7d25f8851a2c03319bfa8e56bb40bde2c4621392 (patch)
tree: 31df87fac513eaeb4dd2f7815aea59f4102f630d /net
parent: netfilter: nft_socket: Break evaluation if no socket found (diff)
download: linux-dev-7d25f8851a2c03319bfa8e56bb40bde2c4621392.tar.xz
linux-dev-7d25f8851a2c03319bfa8e56bb40bde2c4621392.zip
1 files changed, 11 insertions, 0 deletions
diff --git a/net/netfilter/nft_socket.c b/net/netfilter/nft_socket.c
index 622ac2012a40..d7f3776dfd71 100644
--- a/net/netfilter/nft_socket.c
+++ b/net/netfilter/nft_socket.c
@@ -54,6 +54,14 @@ static void nft_socket_eval(const struct nft_expr *expr,
 	case NFT_SOCKET_TRANSPARENT:
 		nft_reg_store8(dest, inet_sk_transparent(sk));
 		break;
+	case NFT_SOCKET_MARK:
+		if (sk_fullsock(sk)) {
+			*dest = sk->sk_mark;
+		} else {
+			regs->verdict.code = NFT_BREAK;
+			return;
+		}
+		break;
 	default:
 		WARN_ON(1);
 		regs->verdict.code = NFT_BREAK;
@@ -91,6 +99,9 @@ static int nft_socket_init(const struct nft_ctx *ctx,
 	case NFT_SOCKET_TRANSPARENT:
 		len = sizeof(u8);
 		break;
+	case NFT_SOCKET_MARK:
+		len = sizeof(u32);
+		break;
 	default:
 		return -EOPNOTSUPP;
 	}
author	Máté Eckl <ecklm94@gmail.com>	2018-07-12 17:48:06 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2018-07-18 11:26:52 +0200
commit	7d25f8851a2c03319bfa8e56bb40bde2c4621392 (patch)
tree	31df87fac513eaeb4dd2f7815aea59f4102f630d /net
parent	netfilter: nft_socket: Break evaluation if no socket found (diff)
download	linux-dev-7d25f8851a2c03319bfa8e56bb40bde2c4621392.tar.xz linux-dev-7d25f8851a2c03319bfa8e56bb40bde2c4621392.zip