
Commit 2a3a93e

wenxuummakynes
authored andcommitted
netfilter: nft_meta_bridge: Add NFT_META_BRI_IIFVPROTO support
This patch allows you to match on bridge vlan protocol, eg. nft add rule bridge firewall zones counter meta ibrvproto 0x8100 Signed-off-by: wenxu <[email protected]> Reviewed-by: Nikolay Aleksandrov <[email protected]> Signed-off-by: Pablo Neira Ayuso <[email protected]>
1 parent 31aed46 commit 2a3a93e


2 files changed

+14
-0
lines changed


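--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -796,6 +796,7 @@ enum nft_exthdr_attributes {
 * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
 * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
 * @NFT_META_BRI_IIFPVID: packet input bridge port pvid
+* @NFT_META_BRI_IIFVPROTO: packet input bridge vlan proto
 */
 enum nft_meta_keys {
 NFT_META_LEN,
@@ -827,6 +828,7 @@ enum nft_meta_keys {
 NFT_META_IIFKIND,
 NFT_META_OIFKIND,
 NFT_META_BRI_IIFPVID,
+NFT_META_BRI_IIFVPROTO,
 };
 
 /**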

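--- a/net/bridge/netfilter/nft_meta_bridge.c
+++ b/net/bridge/netfilter/nft_meta_bridge.c
@@ -49,6 +49,17 @@ static void nft_meta_bridge_get_eval(const struct nft_expr *expr,
 nft_reg_store16(dest, p_pvid);
 return;
 }
+case NFT_META_BRI_IIFVPROTO: {
+u16 p_proto;
+
+br_dev = nft_meta_get_bridge(in);
+if (!br_dev || !br_vlan_enabled(br_dev))
+goto err;
+
+br_vlan_get_proto(br_dev, &p_proto);
+nft_reg_store16(dest, p_proto);
+return;
+}
 default:
 goto out;
 }
@@ -75,6 +86,7 @@ static int nft_meta_bridge_get_init(const struct nft_ctx *ctx,
 len = IFNAMSIZ;
 break;
 case NFT_META_BRI_IIFPVID:
+case NFT_META_BRI_IIFVPROTO:
 len = sizeof(u16);
 break;
 default: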
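Review bot: In the new `NFT_META_BRI_IIFVPROTO` case of nft_meta_bridge_get_eval, `p_proto` is declared without an initializer and the return value of `br_vlan_get_proto()` is discarded, so if that call ever fails without writing its output, `nft_reg_store16(dest, p_proto)` would copy an uninitialized kernel stack value into a register that rules can then compare against. The `br_vlan_enabled()` guard probably makes failure unreachable today, but that depends on a helper not shown here; checking the result keeps the case safe on its own: `if (br_vlan_get_proto(br_dev, &p_proto)) goto err;`. It is also worth confirming, and stating in a comment, which byte order `br_vlan_get_proto()` returns, because the stored value is matched against the ethertype supplied from userspace (`0x8100` in the commit message). The function body starts and ends outside the hunk.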
