netfilter: nft_meta: add support for slave device ifindex matching
Allow to match on vrf slave ifindex or name. In case there was no slave interface involved, store 0 in the destination register just like existing iif/oif matching. sdif(name) is restricted to the ipv4/ipv6 input and forward hooks, as it depends on ip(6) stack parsing/storing info in skb->cb[]. Cc: Martin Willi <martin@strongswan.org> Cc: David Ahern <dsahern@kernel.org> Cc: Shrijeet Mukherjee <shrijeet@gmail.com> Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent
01a0fc8225
commit
c14ceb0ec7
2 changed files with 73 additions and 7 deletions
|
|
@ -805,6 +805,8 @@ enum nft_exthdr_attributes {
|
|||
* @NFT_META_TIME_NS: time since epoch (in nanoseconds)
|
||||
* @NFT_META_TIME_DAY: day of week (from 0 = Sunday to 6 = Saturday)
|
||||
* @NFT_META_TIME_HOUR: hour of day (in seconds)
|
||||
* @NFT_META_SDIF: slave device interface index
|
||||
* @NFT_META_SDIFNAME: slave device interface name
|
||||
*/
|
||||
enum nft_meta_keys {
|
||||
NFT_META_LEN,
|
||||
|
|
@ -840,6 +842,8 @@ enum nft_meta_keys {
|
|||
NFT_META_TIME_NS,
|
||||
NFT_META_TIME_DAY,
|
||||
NFT_META_TIME_HOUR,
|
||||
NFT_META_SDIF,
|
||||
NFT_META_SDIFNAME,
|
||||
};
|
||||
|
||||
/**
|
||||
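Review bot: The kerneldoc entries added for `NFT_META_SDIF` and `NFT_META_SDIFNAME` omit the two constraints the commit description states: the keys are only usable in the ipv4/ipv6 input and forward hooks, and the destination register gets 0 when no slave interface was involved. Since this is the header that userspace tooling reads, I would put both into the comment, e.g. `* @NFT_META_SDIF: slave device interface index (0 if none; ip/ip6 input and forward hooks only)`, with a matching line for the name variant. The hook restriction is a safety property rather than a convenience: per the description the value comes from skb->cb[], which presumably holds unrelated data outside the IP receive path. The check that enforces it lives in the other changed file, which is not shown on this page, so it is worth confirming there that other families and hooks are rejected when the rule is loaded. The enum and its comment block begin and end outside both hunks.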
|
|
|
|||