From 35f9338e6ae0169b9a8fd665d4f02608224010c5 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 26 Dec 2013 20:23:07 +0100
Subject: netlink: add support to set meta keys

Arturo Borrero added kernel support to set meta keys in
http://patchwork.ozlabs.org/patch/305281/ and the corresponding
library support in http://patchwork.ozlabs.org/patch/305283/.

This patch enhances nft to use this new kernel feature. The
following example shows how to set the packet mark.

% nft add rule ip filter input meta mark set 22
% nft list table filter
table ip filter {
        chain input {
                 type filter hook input priority 0;
                 meta mark set 0x00000016
        }
}

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/netlink_linearize.c | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/netlink_linearize.c')

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index e64e92a8..0ac0218d 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -518,6 +518,8 @@ static void netlink_gen_meta_stmt(struct netlink_linearize_ctx *ctx,
 	release_register(ctx);
 
 	nle = alloc_nft_expr("meta");
+	nft_rule_expr_set_u32(nle, NFT_EXPR_META_SREG, sreg);
+	nft_rule_expr_set_u32(nle, NFT_EXPR_META_KEY, stmt->meta.key);
 	nft_rule_add_expr(ctx->nlr, nle);
 }
 
-- 
cgit v1.2.3