src: add netdev family support

This patch adds support for the new 'netdev' table. So far, this table allows you to create filter chains from ingress. The following example shows a very simple base configuration with one table that contains a basechain that is attached to the 'eth0': # nft list table netdev filter table netdev filter { chain eth0-ingress { type filter hook ingress device eth0 priority 0; policy accept; } } You can test that this works by adding a simple rule with counters: # nft add rule netdev filter eth0-ingress counter Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-04 20:58:59 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2015-06-16 18:22:43 +0200
commit: 6c43069e5f2a55d769ec6d362bc863af906591d0 (patch)
tree: 24a979dfd7b04c5b57d2c02ffd996343325fdb60 /src/scanner.l
parent: 1e743925a597055c82200540a7c8c3e2ec506878 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/scanner.l b/src/scanner.l
index 985ea2a3..2d9871d0 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -233,6 +233,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "describe"		{ return DESCRIBE; }
 
 "hook"			{ return HOOK; }
+"device"		{ return DEVICE; }
 "table"			{ return TABLE; }
 "tables"		{ return TABLES; }
 "chain"			{ return CHAIN; }
@@ -255,6 +256,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "to"			{ return TO; }
 
 "inet"			{ return INET; }
+"netdev"		{ return NETDEV; }
 
 "add"			{ return ADD; }
 "update"		{ return UPDATE; }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2015-06-04 20:58:59 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2015-06-16 18:22:43 +0200
commit	6c43069e5f2a55d769ec6d362bc863af906591d0 (patch)
tree	24a979dfd7b04c5b57d2c02ffd996343325fdb60 /src/scanner.l
parent	1e743925a597055c82200540a7c8c3e2ec506878 (diff)