From cc25fd4ce8bacea981c6343883cea918a28793b9 Mon Sep 17 00:00:00 2001 From: wenxu Date: Fri, 30 Aug 2019 12:01:33 +0800 Subject: meta: add ibrpvid and ibrvproto support This allows you to match the bridge pvid and vlan protocol, for instance: nft add rule bridge firewall zones meta ibrvproto vlan nft add rule bridge firewall zones meta ibrpvid 100 Signed-off-by: wenxu Signed-off-by: Pablo Neira Ayuso --- tests/py/bridge/meta.t | 2 ++ tests/py/bridge/meta.t.json | 26 ++++++++++++++++++++++++++ tests/py/bridge/meta.t.payload | 9 +++++++++ 3 files changed, 37 insertions(+) (limited to 'tests') diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t index 88e819f7..94525f29 100644 --- a/tests/py/bridge/meta.t +++ b/tests/py/bridge/meta.t @@ -4,3 +4,5 @@ meta obrname "br0";ok meta ibrname "br0";ok +meta ibrvproto vlan;ok +meta ibrpvid 100;ok diff --git a/tests/py/bridge/meta.t.json b/tests/py/bridge/meta.t.json index 5df4773a..a7a180c2 100644 --- a/tests/py/bridge/meta.t.json +++ b/tests/py/bridge/meta.t.json @@ -23,3 +23,29 @@ } } ] + +# meta ibrvproto vlan +[ + { + "match": { + "left": { + "meta": { "key": "ibrvproto" } + }, + "op": "==", + "right": "vlan" + } + } +] + +# meta ibrpvid 100 +[ + { + "match": { + "left": { + "meta": { "key": "ibrpvid" } + }, + "op": "==", + "right": 100 + } + } +] diff --git a/tests/py/bridge/meta.t.payload b/tests/py/bridge/meta.t.payload index 0f0d1017..aa8c994b 100644 --- a/tests/py/bridge/meta.t.payload +++ b/tests/py/bridge/meta.t.payload @@ -8,3 +8,12 @@ bridge test-bridge input [ meta load bri_iifname => reg 1 ] [ cmp eq reg 1 0x00307262 0x00000000 0x00000000 0x00000000 ] +# meta ibrvproto vlan +bridge test-bridge input + [ meta load bri_iifvproto => reg 1 ] + [ cmp eq reg 1 0x00000081 ] + +# meta ibrpvid 100 +bridge test-bridge input + [ meta load bri_iifpvid => reg 1 ] + [ cmp eq reg 1 0x00000064 ] -- cgit v1.2.3