From 6c43069e5f2a55d769ec6d362bc863af906591d0 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Thu, 4 Jun 2015 20:58:59 +0200
Subject: src: add netdev family support This patch adds support for the new 'netdev' table. So far, this table allows you to create filter chains from ingress. The following example shows a very simple base configuration with one table that contains a basechain that is attached to the 'eth0': # nft list table netdev filter table netdev filter { chain eth0-ingress { type filter hook ingress device eth0 priority 0; policy accept; } } You can test that this works by adding a simple rule with counters: # nft add rule netdev filter eth0-ingress counter
Signed-off-by: Pablo Neira Ayuso
---
src/evaluate.c | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src/evaluate.c')
diff --git a/src/evaluate.c b/src/evaluate.c
index d99b38f4..0bf4fecb 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1847,6 +1847,10 @@ static uint32_t str2hooknum(uint32_t family, const char *hook)
 else if (!strcmp(hook, "output"))
 return NF_ARP_OUT;
 break;
+ case NFPROTO_NETDEV:
+ if (!strcmp(hook, "ingress"))
+ return NF_NETDEV_INGRESS;
+ break;
 default:
 break;
 }
-- cgit v1.2.3
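Review bot: The new `NFPROTO_NETDEV` case matches only "ingress" and sends every other hook name to `break`, so rejecting something like `hook input` in a netdev table depends on what str2hooknum returns after the switch and on the caller testing that value. Neither is visible here, because the function starts and ends outside this hunk. Hook numbers appear to be per-family, so the caller presumably needs to compare against the dedicated not-found value rather than treat any small number as valid; worth confirming before the chain is sent to the kernel. A short comment on the case would record the intent: `/* netdev: ingress is the only hook; other names fall through to the not-found return */`.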