authorPablo Neira Ayuso <pablo@netfilter.org>2015-06-04 20:58:59 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2015-06-16 18:22:43 +0200
commit6c43069e5f2a55d769ec6d362bc863af906591d0 (patch)
tree24a979dfd7b04c5b57d2c02ffd996343325fdb60 /src/netlink.c
parent1e743925a597055c82200540a7c8c3e2ec506878 (diff)
src: add netdev family support
This patch adds support for the new 'netdev' table. So far, this table allows you to create filter chains from ingress. The following example shows a very simple base configuration with one table that contains a basechain that is attached to the 'eth0': # nft list table netdev filter table netdev filter { chain eth0-ingress { type filter hook ingress device eth0 priority 0; policy accept; } } You can test that this works by adding a simple rule with counters: # nft add rule netdev filter eth0-ingress counter Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink.c')
-rw-r--r--src/netlink.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/src/netlink.c b/src/netlink.c
index 1167c951..bef33a1d 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -555,6 +555,9 @@ static int netlink_add_chain_batch(struct netlink_ctx *ctx,
if (chain->policy != -1)
nft_chain_attr_set_u32(nlc, NFT_CHAIN_ATTR_POLICY,
chain->policy);
+ if (chain->dev != NULL)
+ nft_chain_attr_set_str(nlc, NFT_CHAIN_ATTR_DEV,
+ chain->dev);
}
netlink_dump_chain(nlc);
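Review bot: When `chain->dev` is NULL the `NFT_CHAIN_ATTR_DEV` attribute is simply left out, and nothing in this hunk ties that to the chain's family, so a netdev basechain without a device would be sent as-is and the outcome left to the kernel. The device string is also forwarded with no length check at this point; interface names are bounded by IFNAMSIZ, and an over-long name is better rejected early with a clear message than surfaced as a generic netlink error. Whether the parser or evaluator already enforces either is not visible here, since the diff is limited to src/netlink.c; if it does, a comment such as `/* chain->dev was validated (presence for netdev, length) before this point */` would record that assumption. The body of netlink_add_chain_batch starts and ends outside the hunk.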
@@ -697,6 +700,10 @@ static struct chain *netlink_delinearize_chain(struct netlink_ctx *ctx,
xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_TYPE));
chain->policy =
nft_chain_attr_get_u32(nlc, NFT_CHAIN_ATTR_POLICY);
+ if (nft_chain_attr_is_set(nlc, NFT_CHAIN_ATTR_DEV)) {
+ chain->dev =
+ xstrdup(nft_chain_attr_get_str(nlc, NFT_CHAIN_ATTR_DEV));
+ }
chain->flags |= CHAIN_F_BASECHAIN;
}
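Review bot: `chain->dev` now owns a heap copy made by `xstrdup()`, so the chain's destructor has to release it; that release is not part of this diff (limited to src/netlink.c), and if it is missing each listed basechain with a device leaks the name. The `nft_chain_attr_is_set()` guard is the right shape, because it keeps `xstrdup()` from receiving NULL for chains that carry no device. A short comment on the assignment, for example `/* device name as reported by the kernel; owned by the chain and freed with it */`, would document the ownership. netlink_delinearize_chain continues outside the hunk.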