netfilter: nf_tables: match on tunnel metadata
This patch allows us to match on the tunnel metadata that is available for the packet. We can use this to check whether the packet comes from or goes to a tunnel, and to match on the corresponding tunnel ID. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
af308b94a2
commit
aaecfdb5c5
2 changed files with 126 additions and 1 deletions
|
|
@ -1647,4 +1647,19 @@ enum nft_tunnel_key_attributes {
|
|||
};
|
||||
#define NFTA_TUNNEL_KEY_MAX (__NFTA_TUNNEL_KEY_MAX - 1)
|
||||
|
||||
enum nft_tunnel_keys {
|
||||
NFT_TUNNEL_PATH,
|
||||
NFT_TUNNEL_ID,
|
||||
__NFT_TUNNEL_MAX
|
||||
};
|
||||
#define NFT_TUNNEL_MAX (__NFT_TUNNEL_MAX - 1)
|
||||
|
||||
enum nft_tunnel_attributes {
|
||||
NFTA_TUNNEL_UNSPEC,
|
||||
NFTA_TUNNEL_KEY,
|
||||
NFTA_TUNNEL_DREG,
|
||||
__NFTA_TUNNEL_MAX
|
||||
};
|
||||
#define NFTA_TUNNEL_MAX (__NFTA_TUNNEL_MAX - 1)
|
||||
|
||||
#endif /* _LINUX_NF_TABLES_H */
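Review bot: The two enums added in this hunk, `enum nft_tunnel_keys` and `enum nft_tunnel_attributes`, are userspace-visible but carry no comments, so the header does not say what each key selects or what is written to the register named by `NFTA_TUNNEL_DREG`. A kernel-doc block ahead of each enum would close that gap, with entries such as `@NFT_TUNNEL_PATH: packet carries tunnel metadata` and `@NFT_TUNNEL_ID: tunnel ID` (meanings taken from the commit description), plus the netlink attribute type for `NFTA_TUNNEL_KEY` and `NFTA_TUNNEL_DREG`. Since `NFTA_TUNNEL_KEY` is supplied by userspace, the expression's init path should reject any key above `NFT_TUNNEL_MAX` and validate the destination register before storing to it. That code would be in the second changed file, which is not shown on this page, so it could not be checked here.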
|
||||
|
|
|
|||