[
  {
    "match": [
      /* Is somebody trying to create a route? Hang on... */
      { "sendmsg": { "fd": { "set": "fd" },
                     "msg": { "iov": { "set": "buf", "value": { "netlink": { "type": "newroute", "flags": { "all": [ "create", "request" ] } } } } } }
      }
    ],
    "call": [
      /* Create a new socket, owned by us */
      { "socket": { "family": "netlink", "type": "raw", "flags": "nonblock", "protocol": "nl_route" }, "ret": "new_fd" },

      /* Bind it for netlink usage */
      { "bind": { "fd": { "get": "new_fd" }, "addr": { "family": "netlink", "pid": 0, "groups": 0 } }, "ret": "y" },

      /* And re-send the original message */
      { "sendmsg": { "fd": { "get": "new_fd" }, "msg": { "name": { "family": "netlink", "pid": 0, "groups": 0 }, "iovlen": 1, "iov": { "get": "buf" } }, "flags": 0 }, "ret": "n" }
    ],
    /* Then, sneak our socket back into the calling process */
    "fd": { "src": { "get": "fd" }, "new": { "set": "new_fd" }, "close_on_exec": false },

    /* And report success, or failure */
    "return": { "value": "n", "error": "n" }
  },
  {
    /* FIXME: Unblock subsequent recvmsg(). To keep this clean, we should proxy
     * it ourselves.
     */
    "match": [
      { "recvmsg": { "fd": 4 /* TODO: get *our* new number */ } }
    ],
    "return": { "value": 0, "error": 0 }
  }
]