diff options
author | Patrick McHardy <kaber@trash.net> | 2014-01-08 13:02:16 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2014-01-08 13:03:19 +0000 |
commit | 87787ee86ec95a8a5494615268a03a756f48433f (patch) | |
tree | e650af949a46f09b94f404c02bd9e5db8e9dc48d /src/meta.c | |
parent | 4180fba3821d13f06fde2d662d7000e99d140693 (diff) |
meta: add l4proto support
Add support for the meta l4proto type. This is used in the inet table to
match on the transport layer protocol without requiring the network layer
protocol to be known, allowing to use transport header matches that apply
to both IPv4 and IPv6.
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'src/meta.c')
-rw-r--r-- | src/meta.c | 14 |
1 files changed, 14 insertions, 0 deletions
@@ -303,6 +303,8 @@ static const struct meta_template meta_templates[] = { 2 * 8, BYTEORDER_BIG_ENDIAN), [NFT_META_NFPROTO] = META_TEMPLATE("nfproto", &nfproto_type, 1 * 8, BYTEORDER_HOST_ENDIAN), + [NFT_META_L4PROTO] = META_TEMPLATE("l4proto", &inet_protocol_type, + 1 * 8, BYTEORDER_HOST_ENDIAN), [NFT_META_PRIORITY] = META_TEMPLATE("priority", &tchandle_type, 4 * 8, BYTEORDER_HOST_ENDIAN), [NFT_META_MARK] = META_TEMPLATE("mark", &mark_type, @@ -378,6 +380,14 @@ static void meta_expr_pctx_update(struct proto_ctx *ctx, proto_ctx_update(ctx, PROTO_BASE_NETWORK_HDR, &expr->location, desc); break; + case NFT_META_L4PROTO: + desc = proto_find_upper(&proto_inet_service, + mpz_get_uint8(right->value)); + if (desc == NULL) + desc = &proto_unknown; + + proto_ctx_update(ctx, PROTO_BASE_TRANSPORT_HDR, &expr->location, desc); + break; default: break; } @@ -408,6 +418,10 @@ struct expr *meta_expr_alloc(const struct location *loc, enum nft_meta_keys key) expr->flags |= EXPR_F_PROTOCOL; expr->meta.base = PROTO_BASE_LL_HDR; break; + case NFT_META_L4PROTO: + expr->flags |= EXPR_F_PROTOCOL; + expr->meta.base = PROTO_BASE_NETWORK_HDR; + break; default: break; } |