diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-26 20:23:07 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-12-28 23:08:20 +0100 |
commit | 35f9338e6ae0169b9a8fd665d4f02608224010c5 (patch) | |
tree | efed8635d49e5180e155827c6221c52b6b801ed9 /src/netlink_linearize.c | |
parent | a54d7b05fb241dae62039d2c200e9a18941cf250 (diff) |
netlink: add support to set meta keys
Arturo Borrero added kernel support to set meta keys in
http://patchwork.ozlabs.org/patch/305281/ and the corresponding
library support in http://patchwork.ozlabs.org/patch/305283/.
This patch enhances nft to use this new kernel feature. The
following example shows how to set the packet mark.
% nft add rule ip filter input meta mark set 22
% nft list table filter
table ip filter {
chain input {
type filter hook input priority 0;
meta mark set 0x00000016
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index e64e92a8..0ac0218d 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -518,6 +518,8 @@ static void netlink_gen_meta_stmt(struct netlink_linearize_ctx *ctx, release_register(ctx); nle = alloc_nft_expr("meta"); + nft_rule_expr_set_u32(nle, NFT_EXPR_META_SREG, sreg); + nft_rule_expr_set_u32(nle, NFT_EXPR_META_KEY, stmt->meta.key); nft_rule_add_expr(ctx->nlr, nle); } |