netfilter: nf_tables: add nfproto support to meta expression
Needed by multi-family tables to distinguish IPv4 and IPv6 packets. Signed-off-by: Patrick McHardy <kaber@trash.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
1d49144c0a
commit
124edfa9e0
@ -531,6 +531,7 @@ enum nft_exthdr_attributes {
|
||||
* @NFT_META_NFTRACE: packet nftrace bit
|
||||
* @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid)
|
||||
* @NFT_META_SECMARK: packet secmark (skb->secmark)
|
||||
* @NFT_META_NFPROTO: netfilter protocol
|
||||
*/
|
||||
enum nft_meta_keys {
|
||||
NFT_META_LEN,
|
||||
@ -548,6 +549,7 @@ enum nft_meta_keys {
|
||||
NFT_META_NFTRACE,
|
||||
NFT_META_RTCLASSID,
|
||||
NFT_META_SECMARK,
|
||||
NFT_META_NFPROTO,
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -43,6 +43,9 @@ static void nft_meta_get_eval(const struct nft_expr *expr,
|
||||
case NFT_META_PROTOCOL:
|
||||
*(__be16 *)dest->data = skb->protocol;
|
||||
break;
|
||||
case NFT_META_NFPROTO:
|
||||
dest->data[0] = pkt->ops->pf;
|
||||
break;
|
||||
case NFT_META_PRIORITY:
|
||||
dest->data[0] = skb->priority;
|
||||
break;
|
||||
@ -181,6 +184,7 @@ static int nft_meta_init_validate_get(uint32_t key)
|
||||
switch (key) {
|
||||
case NFT_META_LEN:
|
||||
case NFT_META_PROTOCOL:
|
||||
case NFT_META_NFPROTO:
|
||||
case NFT_META_PRIORITY:
|
||||
case NFT_META_MARK:
|
||||
case NFT_META_IIF:
|
||||
|
Loading…
Reference in New Issue
Block a user