path: root/src/netlink_linearize.c
diff options
authorPablo Neira Ayuso <>2013-12-26 20:23:07 +0100
committerPablo Neira Ayuso <>2013-12-28 23:08:20 +0100
commit35f9338e6ae0169b9a8fd665d4f02608224010c5 (patch)
treeefed8635d49e5180e155827c6221c52b6b801ed9 /src/netlink_linearize.c
parenta54d7b05fb241dae62039d2c200e9a18941cf250 (diff)
netlink: add support to set meta keys
Arturo Borrero added kernel support to set meta keys in and the corresponding library support in This patch enhances nft to use this new kernel feature. The following example shows how to set the packet mark. % nft add rule ip filter input meta mark set 22 % nft list table filter table ip filter { chain input { type filter hook input priority 0; meta mark set 0x00000016 } } Signed-off-by: Pablo Neira Ayuso <>
Diffstat (limited to 'src/netlink_linearize.c')
1 files changed, 2 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index e64e92a8..0ac0218d 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -518,6 +518,8 @@ static void netlink_gen_meta_stmt(struct netlink_linearize_ctx *ctx,
nle = alloc_nft_expr("meta");
+ nft_rule_expr_set_u32(nle, NFT_EXPR_META_SREG, sreg);
+ nft_rule_expr_set_u32(nle, NFT_EXPR_META_KEY, stmt->meta.key);
nft_rule_add_expr(ctx->nlr, nle);