Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4566bf27 authored Jan 03, 2014 by Patrick McHardy Committed by Pablo Neira Ayuso Jan 07, 2014

netfilter: nft_meta: add l4proto support



For L3-proto independant rules we need to get at the L4 protocol value
directly. Add it to the nft_pktinfo struct and use the meta expression
to retrieve it.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 124edfa9

include/net/netfilter/nf_tables.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -16,6 +16,7 @@ struct nft_pktinfo {
		const struct nf_hook_ops *ops;
		u8 nhoff;
		u8 thoff;
		u8 tprot;
		/* for x_tables compatibility */
		struct xt_action_param xt;
		};

include/net/netfilter/nf_tables_ipv4.h

+2 −1

Original line number	Diff line number	Diff line
		@@ -15,8 +15,9 @@ nft_set_pktinfo_ipv4(struct nft_pktinfo *pkt,

		nft_set_pktinfo(pkt, ops, skb, in, out);

		pkt->xt.thoff = ip_hdrlen(pkt->skb);
		ip = ip_hdr(pkt->skb);
		pkt->tprot = ip->protocol;
		pkt->xt.thoff = ip_hdrlen(pkt->skb);
		pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET;
		}

include/net/netfilter/nf_tables_ipv6.h

+1 −0

Original line number	Diff line number	Diff line
		@@ -21,6 +21,7 @@ nft_set_pktinfo_ipv6(struct nft_pktinfo *pkt,
		if (protohdr < 0)
		return -1;

		pkt->tprot = protohdr;
		pkt->xt.thoff = thoff;
		pkt->xt.fragoff = frag_off;

include/uapi/linux/netfilter/nf_tables.h

+2 −0

Original line number	Diff line number	Diff line
		@@ -532,6 +532,7 @@ enum nft_exthdr_attributes {
		* @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid)
		* @NFT_META_SECMARK: packet secmark (skb->secmark)
		* @NFT_META_NFPROTO: netfilter protocol
		* @NFT_META_L4PROTO: layer 4 protocol number
		*/
		enum nft_meta_keys {
		NFT_META_LEN,
		@@ -550,6 +551,7 @@ enum nft_meta_keys {
		NFT_META_RTCLASSID,
		NFT_META_SECMARK,
		NFT_META_NFPROTO,
		NFT_META_L4PROTO,
		};

		/**

net/netfilter/nft_meta.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -46,6 +46,9 @@ static void nft_meta_get_eval(const struct nft_expr *expr,
		case NFT_META_NFPROTO:
		dest->data[0] = pkt->ops->pf;
		break;
		case NFT_META_L4PROTO:
		dest->data[0] = pkt->tprot;
		break;
		case NFT_META_PRIORITY:
		dest->data[0] = skb->priority;
		break;
		@@ -185,6 +188,7 @@ static int nft_meta_init_validate_get(uint32_t key)
		case NFT_META_LEN:
		case NFT_META_PROTOCOL:
		case NFT_META_NFPROTO:
		case NFT_META_L4PROTO:
		case NFT_META_PRIORITY:
		case NFT_META_MARK:
		case NFT_META_IIF: