netfilter: nft_meta: add NFT_META_IFTYPE
Generalize NFT_META_IIFTYPE to NFT_META_IFTYPE which allows you to match on the interface type of the skb->dev field. This field is used by the netdev family to add an implicit dependency to skip non-ethernet packets when matching on layer 3 and 4 TCP/IP header fields. For backward compatibility, add the NFT_META_IIFTYPE alias to NFT_META_IFTYPE. Add __NFT_META_IIFTYPE, to be used by userspace in the future to match specifically on the iiftype. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
parent
b7b1d02fc4
commit
56fa95014a
@ -896,7 +896,8 @@ enum nft_meta_keys {
|
||||
NFT_META_OIF,
|
||||
NFT_META_IIFNAME,
|
||||
NFT_META_OIFNAME,
|
||||
NFT_META_IIFTYPE,
|
||||
NFT_META_IFTYPE,
|
||||
#define NFT_META_IIFTYPE NFT_META_IFTYPE
|
||||
NFT_META_OIFTYPE,
|
||||
NFT_META_SKUID,
|
||||
NFT_META_SKGID,
|
||||
@ -923,6 +924,7 @@ enum nft_meta_keys {
|
||||
NFT_META_TIME_HOUR,
|
||||
NFT_META_SDIF,
|
||||
NFT_META_SDIFNAME,
|
||||
__NFT_META_IIFTYPE,
|
||||
};
|
||||
|
||||
/**
|
||||
|
@ -244,7 +244,11 @@ static bool nft_meta_get_eval_ifname(enum nft_meta_keys key, u32 *dest,
|
||||
case NFT_META_OIF:
|
||||
nft_meta_store_ifindex(dest, nft_out(pkt));
|
||||
break;
|
||||
case NFT_META_IIFTYPE:
|
||||
case NFT_META_IFTYPE:
|
||||
if (!nft_meta_store_iftype(dest, pkt->skb->dev))
|
||||
return false;
|
||||
break;
|
||||
case __NFT_META_IIFTYPE:
|
||||
if (!nft_meta_store_iftype(dest, nft_in(pkt)))
|
||||
return false;
|
||||
break;
|
||||
|
Loading…
Reference in New Issue
Block a user