diff options
author | wenxu <wenxu@ucloud.cn> | 2019-01-24 22:23:49 +0800 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2019-01-28 07:36:22 +0100 |
commit | 512795a673f999fb04b84dbbbe41174e9c581430 (patch) | |
tree | 22becd9b9be0890253977be3709a87be73d8ac47 /include/linux/netfilter/nf_tables.h | |
parent | 88ba0c92754d89c71dab11f701839522a5ddb5a9 (diff) |
meta: add iifkind and oifkind support
This can be used to match the kind type of iif or oif
interface of the packet. Example:
add rule inet raw prerouting meta iifkind "vrf" accept
Signed-off-by: wenxu <wenxu@ucloud.cn>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'include/linux/netfilter/nf_tables.h')
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 1d13ad37..37036be0 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -789,6 +789,8 @@ enum nft_exthdr_attributes { * @NFT_META_CGROUP: socket control group (skb->sk->sk_classid) * @NFT_META_PRANDOM: a 32bit pseudo-random number * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp) + * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind) + * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind) */ enum nft_meta_keys { NFT_META_LEN, @@ -817,6 +819,8 @@ enum nft_meta_keys { NFT_META_CGROUP, NFT_META_PRANDOM, NFT_META_SECPATH, + NFT_META_IIFKIND, + NFT_META_OIFKIND, }; /** |