Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 124edfa9 authored Jan 03, 2014 by Patrick McHardy Committed by Pablo Neira Ayuso Jan 07, 2014

netfilter: nf_tables: add nfproto support to meta expression



Needed by multi-family tables to distinguish IPv4 and IPv6 packets.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 1d49144c

include/uapi/linux/netfilter/nf_tables.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -531,6 +531,7 @@ enum nft_exthdr_attributes {
		* @NFT_META_NFTRACE: packet nftrace bit
		* @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid)
		* @NFT_META_SECMARK: packet secmark (skb->secmark)
		* @NFT_META_NFPROTO: netfilter protocol
		*/
		enum nft_meta_keys {
		NFT_META_LEN,
		@@ -548,6 +549,7 @@ enum nft_meta_keys {
		NFT_META_NFTRACE,
		NFT_META_RTCLASSID,
		NFT_META_SECMARK,
		NFT_META_NFPROTO,
		};

		/**

net/netfilter/nft_meta.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -43,6 +43,9 @@ static void nft_meta_get_eval(const struct nft_expr *expr,
		case NFT_META_PROTOCOL:
		(__be16 )dest->data = skb->protocol;
		break;
		case NFT_META_NFPROTO:
		dest->data[0] = pkt->ops->pf;
		break;
		case NFT_META_PRIORITY:
		dest->data[0] = skb->priority;
		break;
		@@ -181,6 +184,7 @@ static int nft_meta_init_validate_get(uint32_t key)
		switch (key) {
		case NFT_META_LEN:
		case NFT_META_PROTOCOL:
		case NFT_META_NFPROTO:
		case NFT_META_PRIORITY:
		case NFT_META_MARK:
		case NFT_META_IIF: