# meta nfproto ipv4 ip test-ip4 input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] # meta nfproto ipv6 ip test-ip4 input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] # meta nfproto {ipv4, ipv6} __set%d test-ip4 3 __set%d test-ip4 0 element 00000002 : 0 [end] element 0000000a : 0 [end] ip test-ip4 input [ meta load nfproto => reg 1 ] [ lookup reg 1 set __set%d ] # meta nfproto != {ipv4, ipv6} __set%d test-ip4 3 __set%d test-ip4 0 element 00000002 : 0 [end] element 0000000a : 0 [end] ip test-ip4 input [ meta load nfproto => reg 1 ] [ lookup reg 1 set __set%d 0x1 ] # meta nfproto ipv6 tcp dport 22 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00001600 ] # meta nfproto ipv4 tcp dport 22 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00001600 ] # meta nfproto ipv4 ip saddr 1.2.3.4 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x04030201 ] # meta nfproto ipv6 meta l4proto tcp inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x0000000a ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] # meta nfproto ipv4 counter ip saddr 1.2.3.4 inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ counter pkts 0 bytes 0 ] [ payload load 4b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x04030201 ] # meta ipsec exists inet test-inet input [ meta load secpath => reg 1 ] [ cmp eq reg 1 0x00000001 ] # meta secpath missing inet test-inet input [ meta load secpath => reg 1 ] [ cmp eq reg 1 0x00000000 ] # meta mark set ct mark >> 8 inet test-inet input [ ct load mark => reg 1 ] [ bitwise reg 1 = ( reg 1 >> 0x00000008 ) ] [ meta set mark with reg 1 ] # meta protocol ip udp dport 67 inet test-inet input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x00000008 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00004300 ] # meta protocol ip6 udp dport 67 inet test-inet input [ meta load protocol => reg 1 ] [ cmp eq reg 1 0x0000dd86 ] [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00004300 ] # meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 } __set%d test-inet 87 size 1 __set%d test-inet 0 element 0a000000 00005000 - 14000000 00005a00 : 0 [end] element 00001000 00006400 - 23011000 00007800 : 0 [end] ip test-inet input [ meta load l4proto => reg 1 ] [ cmp eq reg 1 0x00000006 ] [ meta load mark => reg 1 ] [ byteorder reg 1 = hton(reg 1, 4, 4) ] [ payload load 2b @ transport header + 2 => reg 9 ] [ lookup reg 1 set __set%d ] # ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 1.2.3.6-1.2.3.8 . 0x00000200-0x00000300 } __set%d test-inet 87 size 2 __set%d test-inet 0 element 04030201 00010000 - 04030201 00010000 : 0 [end] element 06030201 00020000 - 08030201 00030000 : 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] [ meta load mark => reg 9 ] [ byteorder reg 9 = hton(reg 9, 4, 4) ] [ lookup reg 1 set __set%d ] # ip saddr . meta mark { 1.2.3.4 . 0x00000100 , 5.6.7.8 . 0x00000200 } __set%d test-inet 3 size 2 __set%d test-inet 0 element 04030201 00000100 : 0 [end] element 08070605 00000200 : 0 [end] inet test-inet input [ meta load nfproto => reg 1 ] [ cmp eq reg 1 0x00000002 ] [ payload load 4b @ network header + 12 => reg 1 ] [ meta load mark => reg 9 ] [ lookup reg 1 set __set%d ]