meta: add ibrpvid and ibrvproto support

This allows you to match the bridge pvid and vlan protocol, for instance: nft add rule bridge firewall zones meta ibrvproto vlan nft add rule bridge firewall zones meta ibrpvid 100 Signed-off-by: wenxu <wenxu@ucloud.cn> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: wenxu <wenxu@ucloud.cn> 2019-08-30 12:01:33 +0800
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-08-30 13:28:10 +0200
commit: cc25fd4ce8bacea981c6343883cea918a28793b9 (patch)
tree: e51c3689c893904257b34a12555cf20d391a04d1
parent: cda5c8c26f329bbd3655fd7d1af4e1eec55ec397 (diff)
4 files changed, 43 insertions, 0 deletions
diff --git a/src/meta.c b/src/meta.c
index 5901c991..0cd7eeea 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -442,6 +442,12 @@ const struct meta_template meta_templates[] = {
 	[NFT_META_OIFKIND]	= META_TEMPLATE("oifkind",   &ifname_type,
 						IFNAMSIZ * BITS_PER_BYTE,
 						BYTEORDER_HOST_ENDIAN),
+	[NFT_META_BRI_IIFPVID]	= META_TEMPLATE("ibrpvid",   &integer_type,
+						2 * BITS_PER_BYTE,
+						BYTEORDER_HOST_ENDIAN),
+	[NFT_META_BRI_IIFVPROTO] = META_TEMPLATE("ibrvproto",   &ethertype_type,
+						 2 * BITS_PER_BYTE,
+						 BYTEORDER_BIG_ENDIAN),
 };
 
 static bool meta_key_is_unqualified(enum nft_meta_keys key)
diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t
index 88e819f7..94525f29 100644
--- a/tests/py/bridge/meta.t
+++ b/tests/py/bridge/meta.t
@@ -4,3 +4,5 @@
 
 meta obrname "br0";ok
 meta ibrname "br0";ok
+meta ibrvproto vlan;ok
+meta ibrpvid 100;ok
diff --git a/tests/py/bridge/meta.t.json b/tests/py/bridge/meta.t.json
index 5df4773a..a7a180c2 100644
--- a/tests/py/bridge/meta.t.json
+++ b/tests/py/bridge/meta.t.json
@@ -23,3 +23,29 @@
         }
     }
 ]
+
+# meta ibrvproto vlan
+[
+    {
+        "match": {
+            "left": {
+                "meta": { "key": "ibrvproto" }
+            },
+	    "op": "==",
+            "right": "vlan"
+        }
+    }
+]
+
+# meta ibrpvid 100
+[
+    {
+        "match": {
+            "left": {
+                "meta": { "key": "ibrpvid" }
+            },
+	    "op": "==",
+            "right": 100
+        }
+    }
+]
diff --git a/tests/py/bridge/meta.t.payload b/tests/py/bridge/meta.t.payload
index 0f0d1017..aa8c994b 100644
--- a/tests/py/bridge/meta.t.payload
+++ b/tests/py/bridge/meta.t.payload
@@ -8,3 +8,12 @@ bridge test-bridge input
   [ meta load bri_iifname => reg 1 ]
   [ cmp eq reg 1 0x00307262 0x00000000 0x00000000 0x00000000 ]
 
+# meta ibrvproto vlan
+bridge test-bridge input
+  [ meta load bri_iifvproto => reg 1 ]
+  [ cmp eq reg 1 0x00000081 ]
+
+# meta ibrpvid 100
+bridge test-bridge input
+  [ meta load bri_iifpvid => reg 1 ]
+  [ cmp eq reg 1 0x00000064 ]
author	wenxu <wenxu@ucloud.cn>	2019-08-30 12:01:33 +0800
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-08-30 13:28:10 +0200
commit	cc25fd4ce8bacea981c6343883cea918a28793b9 (patch)
tree	e51c3689c893904257b34a12555cf20d391a04d1
parent	cda5c8c26f329bbd3655fd7d1af4e1eec55ec397 (diff)