diff options
| author |   Pablo Neira Ayuso <pablo@netfilter.org> | 2021-10-25 15:43:29 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-01 09:29:20 +0100 |
| commit | 56fa95014a0447f798444e626091cbeb3176af24 (patch) | |
| tree | 188f359c246918a4f29ec3f93bd3178a2ac31d0b /net/netfilter | |
| parent | netfilter: conntrack: set on IPS_ASSURED if flows enters internal stream state (diff) | |
| download | linux-dev-56fa95014a0447f798444e626091cbeb3176af24.tar.xz linux-dev-56fa95014a0447f798444e626091cbeb3176af24.zip | |
netfilter: nft_meta: add NFT_META_IFTYPE
Generalize NFT_META_IIFTYPE to NFT_META_IFTYPE which allows you to match
on the interface type of the skb->dev field. This field is used by the
netdev family to add an implicit dependency to skip non-ethernet packets
when matching on layer 3 and 4 TCP/IP header fields.
For backward compatibility, add the NFT_META_IIFTYPE alias to
NFT_META_IFTYPE.
Add __NFT_META_IIFTYPE, to be used by userspace in the future to match
specifically on the iiftype.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter')
| -rw-r--r-- | net/netfilter/nft_meta.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c index a7e01e9952f1..516e74635bae 100644 --- a/net/netfilter/nft_meta.c +++ b/net/netfilter/nft_meta.c @@ -244,7 +244,11 @@ static bool nft_meta_get_eval_ifname(enum nft_meta_keys key, u32 *dest, case NFT_META_OIF: nft_meta_store_ifindex(dest, nft_out(pkt)); break; - case NFT_META_IIFTYPE: + case NFT_META_IFTYPE: + if (!nft_meta_store_iftype(dest, pkt->skb->dev)) + return false; + break; + case __NFT_META_IIFTYPE: if (!nft_meta_store_iftype(dest, nft_in(pkt))) return false; break; |