-rw-r--r-- | doc/primary-expression.txt | 6 | ||||
-rw-r--r-- | include/linux/netfilter/nf_tables.h | 4 | ||||
-rw-r--r-- | src/meta.c | 6 | ||||
-rw-r--r-- | tests/py/ip/meta.t | 3 | ||||
-rw-r--r-- | tests/py/ip/meta.t.payload | 11 | ||||
-rw-r--r-- | tests/py/ip6/meta.t | 3 | ||||
-rw-r--r-- | tests/py/ip6/meta.t.payload | 12 |
7 files changed, 45 insertions, 0 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index 6f636e13..94eccc20 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -76,6 +76,12 @@ ifname
 |oiftype|
 Output interface hardware type|
 iface_type
+|sdif|
+Slave device input interface index |
+iface_index
+|sdifname|
+Slave device interface name|
+ifname
 |skuid|
 UID associated with originating socket|
 uid
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index ed8881ad..c556ccd3 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -803,6 +803,8 @@ enum nft_exthdr_attributes {
 * @NFT_META_TIME_NS: time since epoch (in nanoseconds)
 * @NFT_META_TIME_DAY: day of week (from 0 = Sunday to 6 = Saturday)
 * @NFT_META_TIME_HOUR: hour of day (in seconds)
+ * @NFT_META_SDIF: slave device interface index
+ * @NFT_META_SDIFNAME: slave device interface name
 */
 enum nft_meta_keys {
 NFT_META_LEN,
@@ -838,6 +840,8 @@ enum nft_meta_keys {
 NFT_META_TIME_NS,
 NFT_META_TIME_DAY,
 NFT_META_TIME_HOUR,
+ NFT_META_SDIF,
+ NFT_META_SDIFNAME,
 };
 /**
@@ -700,6 +700,12 @@ const struct meta_template meta_templates[] = {
 BYTEORDER_HOST_ENDIAN),
 [NFT_META_SECMARK] = META_TEMPLATE("secmark", &integer_type,
 32, BYTEORDER_HOST_ENDIAN),
+ [NFT_META_SDIF] = META_TEMPLATE("sdif", &ifindex_type,
+ sizeof(int) * BITS_PER_BYTE,
+ BYTEORDER_HOST_ENDIAN),
+ [NFT_META_SDIFNAME] = META_TEMPLATE("sdifname", &ifname_type,
+ IFNAMSIZ * BITS_PER_BYTE,
+ BYTEORDER_HOST_ENDIAN),
 };
 static bool meta_key_is_unqualified(enum nft_meta_keys key)
diff --git a/tests/py/ip/meta.t b/tests/py/ip/meta.t
index 4db88354..f733d22d 100644
--- a/tests/py/ip/meta.t
+++ b/tests/py/ip/meta.t
@@ -10,3 +10,6 @@ icmpv6 type nd-router-advert;ok
 meta ibrname "br0";fail
 meta obrname "br0";fail
+
+meta sdif "lo" accept;ok
+meta sdifname != "vrf1" accept;ok
diff --git a/tests/py/ip/meta.t.payload b/tests/py/ip/meta.t.payload
index 322c0878..7bc69a29 100644
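Review bot: The new `[NFT_META_SDIF]` and `[NFT_META_SDIFNAME]` entries in `meta_templates[]` (src/meta.c) carry no comment on when these keys actually hold a value, and that matters for negated matches such as the `meta sdifname != "vrf1" accept` rule this commit adds to the tests. If the kernel leaves the slave device unset for packets that did not arrive through an enslaved interface (not visible here; to be confirmed against the kernel's nft_meta), such a rule also accepts all of that traffic. I would add a comment above the two entries, for example `/* slave device under an l3 master (VRF); presumably 0 / "" when the packet has none, so negated matches also hit non-VRF traffic */`, and mirror the caveat in doc/primary-expression.txt. The array initializer starts outside the hunk.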
--- a/tests/py/ip/meta.t.payload
+++ b/tests/py/ip/meta.t.payload
@@ -33,3 +33,14 @@ ip test-ip4 input
 [ payload load 1b @ transport header + 0 => reg 1 ]
 [ cmp eq reg 1 0x00000086 ]
+# meta sdif "lo" accept
+ip6 test-ip4 input
+ [ meta load sdif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ immediate reg 0 accept ]
+
+# meta sdifname != "vrf1" accept
+ip6 test-ip4 input
+ [ meta load sdifname => reg 1 ]
+ [ cmp neq reg 1 0x31667276 0x00000000 0x00000000 0x00000000 ]
+ [ immediate reg 0 accept ]
diff --git a/tests/py/ip6/meta.t b/tests/py/ip6/meta.t
index 24445084..dce97f5b 100644
--- a/tests/py/ip6/meta.t
+++ b/tests/py/ip6/meta.t
@@ -8,3 +8,6 @@ meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-adv
 meta l4proto icmp icmp type echo-request;ok;icmp type echo-request
 meta l4proto 1 icmp type echo-request;ok;icmp type echo-request
 icmp type echo-request;ok
+
+meta sdif "lo" accept;ok
+meta sdifname != "vrf1" accept;ok
diff --git a/tests/py/ip6/meta.t.payload b/tests/py/ip6/meta.t.payload
index f203baab..be04816e 100644
--- a/tests/py/ip6/meta.t.payload
+++ b/tests/py/ip6/meta.t.payload
@@ -32,3 +32,15 @@ ip6 test-ip6 input
 [ cmp eq reg 1 0x00000001 ]
 [ payload load 1b @ transport header + 0 => reg 1 ]
 [ cmp eq reg 1 0x00000008 ]
+
+# meta sdif "lo" accept
+ip6 test-ip6 input
+ [ meta load sdif => reg 1 ]
+ [ cmp eq reg 1 0x00000001 ]
+ [ immediate reg 0 accept ]
+
+# meta sdifname != "vrf1" accept
+ip6 test-ip6 input
+ [ meta load sdifname => reg 1 ]
+ [ cmp neq reg 1 0x31667276 0x00000000 0x00000000 0x00000000 ]
+ [ immediate reg 0 accept ]
|
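Review bot: Both payload blocks added to tests/py/ip/meta.t.payload are headed `ip6 test-ip4 input`, although the table is `test-ip4` and the hunk header shows the existing blocks in this file as `ip test-ip4 input`; this looks like a copy from the ip6 payload file. Both headers should read `ip test-ip4 input`. If the test runner does not compare this header line (not visible here), the mismatch passes silently, so it is worth correcting by hand rather than relying on the test run to catch it.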