Allowing matching on socket UID and GID

author: David Lönnhager <david.l@mullvad.net> 2020-06-04 14:39:13 +0200
committer: David Lönnhager <david.l@mullvad.net> 2020-06-04 14:39:13 +0200
commit: 21d2d2fa46532f603927bded1181975e8f0639c0 (patch)
tree: 92a211c92470749f7516896c491853f8ac455462
parent: 02b3e394e18ba94b77d368848eb4090e7875c1b7 (diff)
1 files changed, 12 insertions, 0 deletions
diff --git a/nftnl/src/expr/meta.rs b/nftnl/src/expr/meta.rs
index 49a3c3f..ee8b479 100644
--- a/nftnl/src/expr/meta.rs
+++ b/nftnl/src/expr/meta.rs
@@ -20,6 +20,10 @@ pub enum Meta {
     IifType,
     /// Packet output interface type (dev->type).
     OifType,
+    /// Originating socket UID (fsuid).
+    SkUid,
+    /// Originating socket GID (fsgid).
+    SkGid,
     /// Netfilter protocol (Transport layer protocol).
     NfProto,
     /// Layer 4 protocol number.
@@ -43,6 +47,8 @@ impl Meta {
             OifName => libc::NFT_META_OIFNAME as u32,
             IifType => libc::NFT_META_IIFTYPE as u32,
             OifType => libc::NFT_META_OIFTYPE as u32,
+            SkUid => libc::NFT_META_SKUID as u32,
+            SkGid => libc::NFT_META_SKGID as u32,
             NfProto => libc::NFT_META_NFPROTO as u32,
             L4Proto => libc::NFT_META_L4PROTO as u32,
             Cgroup => libc::NFT_META_CGROUP as u32,
@@ -106,6 +112,12 @@ macro_rules! nft_expr_meta {
     (oiftype) => {
         $crate::expr::Meta::OifType
     };
+    (skuid) => {
+        $crate::expr::Meta::SkUid
+    };
+    (skgid) => {
+        $crate::expr::Meta::SkGid
+    };
     (nfproto) => {
         $crate::expr::Meta::NfProto
     };
author	David Lönnhager <david.l@mullvad.net>	2020-06-04 14:39:13 +0200
committer	David Lönnhager <david.l@mullvad.net>	2020-06-04 14:39:13 +0200
commit	21d2d2fa46532f603927bded1181975e8f0639c0 (patch)
tree	92a211c92470749f7516896c491853f8ac455462
parent	02b3e394e18ba94b77d368848eb4090e7875c1b7 (diff)