From 97f0ffc9efa7a0c7ecfbbfacf1fb066a2a350ad8 Mon Sep 17 00:00:00 2001 From: Ana Rey Date: Tue, 5 Aug 2014 20:33:39 +0200 Subject: src: Add support for pkttype in meta expresion If you want to match the pkttype field of the skbuff, you have to use the following syntax: nft add rule ip filter input meta pkttype PACKET_TYPE where PACKET_TYPE can be: unicast, broadcast and multicast. Joint work with Alvaro Neira Ayuso Signed-off-by: Alvaro Neira Ayuso Signed-off-by: Ana Rey Signed-off-by: Pablo Neira Ayuso --- include/datatype.h | 2 ++ include/linux/netfilter/nf_tables.h | 2 ++ 2 files changed, 4 insertions(+) (limited to 'include') diff --git a/include/datatype.h b/include/datatype.h index 2c66e9d9..51822637 100644 --- a/include/datatype.h +++ b/include/datatype.h @@ -35,6 +35,7 @@ * @TYPE_CT_STATUS: conntrack status (bitmask subtype) * @TYPE_ICMP6_TYPE: ICMPv6 type codes (integer subtype) * @TYPE_CT_LABEL: Conntrack Label (bitmask subtype) + * @TYPE_PKTTYPE: packet type (integer subtype) */ enum datatypes { TYPE_INVALID, @@ -68,6 +69,7 @@ enum datatypes { TYPE_CT_STATUS, TYPE_ICMP6_TYPE, TYPE_CT_LABEL, + TYPE_PKTTYPE, __TYPE_MAX }; #define TYPE_MAX (__TYPE_MAX - 1) diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index a5f8ec05..d31bbcf0 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -535,6 +535,7 @@ enum nft_exthdr_attributes { * @NFT_META_L4PROTO: layer 4 protocol number * @NFT_META_BRI_IIFNAME: packet input bridge interface name * @NFT_META_BRI_OIFNAME: packet output bridge interface name + * @NFT_META_PKTTYPE: packet type (skb->pkt_type), special handling for loopback */ enum nft_meta_keys { NFT_META_LEN, @@ -556,6 +557,7 @@ enum nft_meta_keys { NFT_META_L4PROTO, NFT_META_BRI_IIFNAME, NFT_META_BRI_OIFNAME, + NFT_META_PKTTYPE, }; /** -- cgit v1.2.3