netfilter: nf_tables: add devgroup support in meta expresion
Add devgroup support so that rules can match the device group of a packet's incoming or outgoing interface. Signed-off-by: Ana Rey <anarey@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
ce24b7217b
commit
3045d76070
|
@ -573,6 +573,8 @@ enum nft_exthdr_attributes {
|
|||
* @NFT_META_BRI_OIFNAME: packet output bridge interface name
|
||||
* @NFT_META_PKTTYPE: packet type (skb->pkt_type), special handling for loopback
|
||||
* @NFT_META_CPU: cpu id through smp_processor_id()
|
||||
* @NFT_META_IIFGROUP: packet input interface group
|
||||
* @NFT_META_OIFGROUP: packet output interface group
|
||||
*/
|
||||
enum nft_meta_keys {
|
||||
NFT_META_LEN,
|
||||
|
@ -596,6 +598,8 @@ enum nft_meta_keys {
|
|||
NFT_META_BRI_OIFNAME,
|
||||
NFT_META_PKTTYPE,
|
||||
NFT_META_CPU,
|
||||
NFT_META_IIFGROUP,
|
||||
NFT_META_OIFGROUP,
|
||||
};
|
||||
|
||||
/**
|
||||
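Review bot: The two kernel-doc entries added for NFT_META_IIFGROUP and NFT_META_OIFGROUP do not say which field the value is read from, while the neighbouring entries name theirs (`skb->pkt_type`, `smp_processor_id()`). Going by the evaluation code later in this commit, they could read `packet input interface group (in->group)` and `packet output interface group (out->group)`, adjusted to whatever naming the other interface entries use. Those entries and the start of the comment block are above the first hunk, so that convention should be confirmed there.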
|
|
|
@ -155,6 +155,16 @@ void nft_meta_get_eval(const struct nft_expr *expr,
|
|||
case NFT_META_CPU:
|
||||
dest->data[0] = smp_processor_id();
|
||||
break;
|
||||
case NFT_META_IIFGROUP:
|
||||
if (in == NULL)
|
||||
goto err;
|
||||
dest->data[0] = in->group;
|
||||
break;
|
||||
case NFT_META_OIFGROUP:
|
||||
if (out == NULL)
|
||||
goto err;
|
||||
dest->data[0] = out->group;
|
||||
break;
|
||||
default:
|
||||
WARN_ON(1);
|
||||
goto err;
|
||||
|
@ -228,6 +238,8 @@ int nft_meta_get_init(const struct nft_ctx *ctx,
|
|||
#endif
|
||||
case NFT_META_PKTTYPE:
|
||||
case NFT_META_CPU:
|
||||
case NFT_META_IIFGROUP:
|
||||
case NFT_META_OIFGROUP:
|
||||
break;
|
||||
default:
|
||||
return -EOPNOTSUPP;
|
||||
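Review bot: The new NFT_META_IIFGROUP and NFT_META_OIFGROUP cases in nft_meta_get_eval leave through `goto err` when `in` or `out` is NULL, and nothing on the page documents what that means for a rule using these keys. The `err` label is outside the hunk, so its effect on rule evaluation needs confirming. If it stops the rule from matching, a group-based filter rule placed on a path with no such device would never apply, which a ruleset author should be told. A short comment above each check, for example `/* no input device on this path: no group to report */`, together with a sentence in the kernel-doc for the two keys, would make that explicit. nft_meta_get_init accepts both keys without any further check in the last hunk, and both function bodies start and end outside the hunks shown.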
|
|