-rw-r--r--include/linux/netfilter/nf_tables.h4
-rw-r--r--src/chain.c1
-rw-r--r--src/expr/meta.c4
-rw-r--r--src/utils.c4
4 files changed, 12 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index e08f80e..fc0f669 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -452,6 +452,8 @@ enum nft_exthdr_attributes {
* @NFT_META_NFTRACE: packet nftrace bit
* @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid)
* @NFT_META_SECMARK: packet secmark (skb->secmark)
+ * @NFT_META_NFPROTO: netfilter protocol
+ * @NFT_META_L4PROTO: layer 4 protocol number
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -469,6 +471,8 @@ enum nft_meta_keys {
NFT_META_NFTRACE,
NFT_META_RTCLASSID,
NFT_META_SECMARK,
+ NFT_META_NFPROTO,
+ NFT_META_L4PROTO,
};
/**
diff --git a/src/chain.c b/src/chain.c
index a0004b5..b1a692a 100644
--- a/src/chain.c
+++ b/src/chain.c
@@ -50,6 +50,7 @@ static const char *nft_hooknum2str(int family, int hooknum)
switch (family) {
case NFPROTO_IPV4:
case NFPROTO_IPV6:
+ case NFPROTO_INET:
case NFPROTO_BRIDGE:
switch (hooknum) {
case NF_INET_PRE_ROUTING:
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 6899d69..490d64a 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -23,7 +23,7 @@
#include "expr_ops.h"
#ifndef NFT_META_MAX
-#define NFT_META_MAX (NFT_META_SECMARK + 1)
+#define NFT_META_MAX (NFT_META_L4PROTO + 1)
#endif
struct nft_expr_meta {
@@ -139,6 +139,8 @@ nft_rule_expr_meta_parse(struct nft_rule_expr *e, struct nlattr *attr)
const char *meta_key2str_array[NFT_META_MAX] = {
[NFT_META_LEN] = "len",
[NFT_META_PROTOCOL] = "protocol",
+ [NFT_META_NFPROTO] = "nfproto",
+ [NFT_META_L4PROTO] = "l4proto",
[NFT_META_PRIORITY] = "priority",
[NFT_META_MARK] = "mark",
[NFT_META_IIF] = "iif",
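Review bot: meta_key2str_array is sized by an `NFT_META_MAX` that the previous hunk ties by hand to `NFT_META_L4PROTO + 1`, and any key without a designated initializer is left as a NULL slot. The key presumably arrives from a netlink attribute (the hunk sits just after nft_rule_expr_meta_parse), so the code that indexes this array, which is outside the hunk, should reject `key >= NFT_META_MAX` and a NULL entry before using the string; a newer kernel could report a key this table does not know. A comment on the macro such as `/* must track the last value of enum nft_meta_keys */` would make the coupling explicit. As a smaller style point, the two new entries are inserted after `NFT_META_PROTOCOL` rather than in enum order, which makes a missing key harder to spot.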
diff --git a/src/utils.c b/src/utils.c
index 2415917..6fd8e03 100644
--- a/src/utils.c
+++ b/src/utils.c
@@ -27,6 +27,8 @@ const char *nft_family2str(uint32_t family)
return "ip";
case AF_INET6:
return "ip6";
+ case 1:
+ return "inet";
case AF_BRIDGE:
return "bridge";
case 3: /* NFPROTO_ARP */
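Review bot: The new `case 1:` in nft_family2str is a bare magic number, whereas the neighbouring `case 3: /* NFPROTO_ARP */` at least names its constant and src/chain.c in this same commit uses `NFPROTO_INET` by name. Prefer `case NFPROTO_INET:` if the header that defines it can be included here (the include list is outside the hunk), or otherwise `case 1: /* NFPROTO_INET */`. The same applies to `return 1;` in the nft_str2family hunk that follows, which would read `return NFPROTO_INET;`. Tying both directions of the mapping to the named constant keeps them from drifting apart, which matters because the family value decides which table a rule is attached to. Both functions continue outside their hunks.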
@@ -42,6 +44,8 @@ int nft_str2family(const char *family)
return AF_INET;
else if (strcmp(family, "ip6") == 0)
return AF_INET6;
+ else if (strcmp(family, "inet") == 0)
+ return 1;
else if (strcmp(family, "bridge") == 0)
return AF_BRIDGE;
else if (strcmp(family, "arp") == 0)