meta: add iifkind and oifkind support

This can be used to match the kind type of iif or oif interface of the packet. Example: add rule inet raw prerouting meta iifkind "vrf" accept Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Florian Westphal <fw@strlen.de>
author: wenxu <wenxu@ucloud.cn> 2019-01-24 22:23:49 +0800
committer: Florian Westphal <fw@strlen.de> 2019-01-28 07:36:22 +0100
commit: 512795a673f999fb04b84dbbbe41174e9c581430 (patch)
tree: 22becd9b9be0890253977be3709a87be73d8ac47 /include/linux
parent: 88ba0c92754d89c71dab11f701839522a5ddb5a9 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 1d13ad37..37036be0 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -789,6 +789,8 @@ enum nft_exthdr_attributes {
  * @NFT_META_CGROUP: socket control group (skb->sk->sk_classid)
  * @NFT_META_PRANDOM: a 32bit pseudo-random number
  * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
+ * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
  */
 enum nft_meta_keys {
 	NFT_META_LEN,
@@ -817,6 +819,8 @@ enum nft_meta_keys {
 	NFT_META_CGROUP,
 	NFT_META_PRANDOM,
 	NFT_META_SECPATH,
+	NFT_META_IIFKIND,
+	NFT_META_OIFKIND,
 };
 
 /**
author	wenxu <wenxu@ucloud.cn>	2019-01-24 22:23:49 +0800
committer	Florian Westphal <fw@strlen.de>	2019-01-28 07:36:22 +0100
commit	512795a673f999fb04b84dbbbe41174e9c581430 (patch)
tree	22becd9b9be0890253977be3709a87be73d8ac47 /include/linux
parent	88ba0c92754d89c71dab11f701839522a5ddb5a9 (diff)