netlink: add support to set meta keys

Arturo Borrero added kernel support to set meta keys in http://patchwork.ozlabs.org/patch/305281/ and the corresponding library support in http://patchwork.ozlabs.org/patch/305283/. This patch enhances nft to use this new kernel feature. The following example shows how to set the packet mark. % nft add rule ip filter input meta mark set 22 % nft list table filter table ip filter { chain input { type filter hook input priority 0; meta mark set 0x00000016 } } Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-26 20:23:07 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-28 23:08:20 +0100
commit: 35f9338e6ae0169b9a8fd665d4f02608224010c5 (patch)
tree: efed8635d49e5180e155827c6221c52b6b801ed9 /src/netlink_linearize.c
parent: a54d7b05fb241dae62039d2c200e9a18941cf250 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index e64e92a8..0ac0218d 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -518,6 +518,8 @@ static void netlink_gen_meta_stmt(struct netlink_linearize_ctx *ctx,
 	release_register(ctx);
 
 	nle = alloc_nft_expr("meta");
+	nft_rule_expr_set_u32(nle, NFT_EXPR_META_SREG, sreg);
+	nft_rule_expr_set_u32(nle, NFT_EXPR_META_KEY, stmt->meta.key);
 	nft_rule_add_expr(ctx->nlr, nle);
 }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-26 20:23:07 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-28 23:08:20 +0100
commit	35f9338e6ae0169b9a8fd665d4f02608224010c5 (patch)
tree	efed8635d49e5180e155827c6221c52b6b801ed9 /src/netlink_linearize.c
parent	a54d7b05fb241dae62039d2c200e9a18941cf250 (diff)