src: add new netdev protocol description

This relies on NFT_META_PROTOCOL instead of ethernet protocol type
header field to prepare support for non-ethernet protocols in the
future.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 17 insertions, 1 deletions

diff --git a/src/meta.c b/src/meta.c
index d31d2922..8cbc9745 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -470,7 +470,9 @@ static void meta_expr_pctx_update(struct proto_ctx *ctx,
 
 	switch (left->meta.key) {
 	case NFT_META_IIFTYPE:
-		if (h->base < PROTO_BASE_NETWORK_HDR && ctx->family != NFPROTO_INET)
+		if (h->base < PROTO_BASE_NETWORK_HDR &&
+		    ctx->family != NFPROTO_INET &&
+		    ctx->family != NFPROTO_NETDEV)
 			return;
 
 		desc = proto_dev_desc(mpz_get_uint16(right->value));
@@ -494,6 +496,16 @@ static void meta_expr_pctx_update(struct proto_ctx *ctx,
 
 		proto_ctx_update(ctx, PROTO_BASE_TRANSPORT_HDR, &expr->location, desc);
 		break;
+	case NFT_META_PROTOCOL:
+		if (h->base < PROTO_BASE_NETWORK_HDR && ctx->family != NFPROTO_NETDEV)
+			return;
+
+		desc = proto_find_upper(h->desc, ntohs(mpz_get_uint16(right->value)));
+		if (desc == NULL)
+			desc = &proto_unknown;
+
+		proto_ctx_update(ctx, PROTO_BASE_NETWORK_HDR, &expr->location, desc);
+		break;
 	default:
 		break;
 	}
@@ -529,6 +541,10 @@ struct expr *meta_expr_alloc(const struct location *loc, enum nft_meta_keys key)
 		expr->flags |= EXPR_F_PROTOCOL;
 		expr->meta.base = PROTO_BASE_NETWORK_HDR;
 		break;
+	case NFT_META_PROTOCOL:
+		expr->flags |= EXPR_F_PROTOCOL;
+		expr->meta.base = PROTO_BASE_LL_HDR;
+		break;
 	default:
 		break;
 	}