diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-11-19 12:49:53 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-01-31 22:32:18 +0100 |
| commit | 8a236ef68cd43af81fac10c5b58658514273a14e (patch) | |
| tree | 5968a7a58ae55623a73154bb25843d6e365c2ac2 | |
| parent | 55e7822dbe8c70d067b63ea8518359639386e7c6 (diff) | |
src: add dup statement for netdev
This patch contains the missing chunk to add support for the netdev
family. Part of the support slipped through in the original patch to
add the dup statement for IPv4 and IPv6.
# nft add table netdev filter
# nft add chain netdev filter ingress { type filter hook ingress device eth0 priority 0\; }
# nft add rule netdev filter ingress dup to dummy0
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/evaluate.c | 15 | ||||
| -rw-r--r-- | tests/py/any/dup.t | 7 | ||||
| -rw-r--r-- | tests/py/any/dup.t.payload | 14 |
3 files changed, 36 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 6277f14e..ce132e3c 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1864,6 +1864,21 @@ static int stmt_evaluate_dup(struct eval_ctx *ctx, struct stmt *stmt) return err; } break; + case NFPROTO_NETDEV: + if (stmt->dup.to == NULL) + return stmt_error(ctx, stmt, + "missing destination interface"); + if (stmt->dup.dev != NULL) + return stmt_error(ctx, stmt, "cannot specify device"); + + err = stmt_evaluate_arg(ctx, stmt, &ifindex_type, + sizeof(uint32_t) * BITS_PER_BYTE, + &stmt->dup.to); + if (err < 0) + return err; + break; + default: + return stmt_error(ctx, stmt, "unsupported family"); } return 0; } diff --git a/tests/py/any/dup.t b/tests/py/any/dup.t new file mode 100644 index 00000000..7df24a1c --- /dev/null +++ b/tests/py/any/dup.t @@ -0,0 +1,7 @@ +:ingress;type filter hook ingress device lo priority 0 + +*netdev;test-netdev;ingress + +dup to lo;ok +dup to mark map { 0x00000001 : lo, 0x00000002 : lo};ok + diff --git a/tests/py/any/dup.t.payload b/tests/py/any/dup.t.payload new file mode 100644 index 00000000..206a9ec0 --- /dev/null +++ b/tests/py/any/dup.t.payload @@ -0,0 +1,14 @@ +# dup to lo +netdev test-netdev ingress + [ immediate reg 1 0x00000001 ] + [ dup sreg_dev 1 ] + +# dup to mark map { 0x00000001 : lo, 0x00000002 : lo} +map%d test-netdev b +map%d test-netdev 0 + element 00000001 : 00000001 0 [end] element 00000002 : 00000001 0 [end] +netdev test-netdev ingress + [ meta load mark => reg 1 ] + [ lookup reg 1 set map%d dreg 1 ] + [ dup sreg_dev 1 ] + |