From 87787ee86ec95a8a5494615268a03a756f48433f Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 8 Jan 2014 13:02:16 +0000 Subject: meta: add l4proto support Add support for the meta l4proto type. This is used in the inet table to match on the transport layer protocol without requiring the network layer protocol to be known, allowing to use transport header matches that apply to both IPv4 and IPv6. Signed-off-by: Patrick McHardy --- src/meta.c | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'src/meta.c') diff --git a/src/meta.c b/src/meta.c index 1286569a..d7b024b6 100644 --- a/src/meta.c +++ b/src/meta.c @@ -303,6 +303,8 @@ static const struct meta_template meta_templates[] = { 2 * 8, BYTEORDER_BIG_ENDIAN), [NFT_META_NFPROTO] = META_TEMPLATE("nfproto", &nfproto_type, 1 * 8, BYTEORDER_HOST_ENDIAN), + [NFT_META_L4PROTO] = META_TEMPLATE("l4proto", &inet_protocol_type, + 1 * 8, BYTEORDER_HOST_ENDIAN), [NFT_META_PRIORITY] = META_TEMPLATE("priority", &tchandle_type, 4 * 8, BYTEORDER_HOST_ENDIAN), [NFT_META_MARK] = META_TEMPLATE("mark", &mark_type, @@ -378,6 +380,14 @@ static void meta_expr_pctx_update(struct proto_ctx *ctx, proto_ctx_update(ctx, PROTO_BASE_NETWORK_HDR, &expr->location, desc); break; + case NFT_META_L4PROTO: + desc = proto_find_upper(&proto_inet_service, + mpz_get_uint8(right->value)); + if (desc == NULL) + desc = &proto_unknown; + + proto_ctx_update(ctx, PROTO_BASE_TRANSPORT_HDR, &expr->location, desc); + break; default: break; } @@ -408,6 +418,10 @@ struct expr *meta_expr_alloc(const struct location *loc, enum nft_meta_keys key) expr->flags |= EXPR_F_PROTOCOL; expr->meta.base = PROTO_BASE_LL_HDR; break; + case NFT_META_L4PROTO: + expr->flags |= EXPR_F_PROTOCOL; + expr->meta.base = PROTO_BASE_NETWORK_HDR; + break; default: break; } -- cgit v1.2.3