* [PATCH nft v3] meta: add ibrpvid and ibrvproto support
@ 2019-08-16 13:10 wenxu
2019-08-21 9:14 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: wenxu @ 2019-08-16 13:10 UTC (permalink / raw)
To: pablo; +Cc: netfilter-devel
From: wenxu <wenxu@ucloud.cn>
This allows you to match the bridge pvid and vlan protocol, for
instance:
nft add rule bridge firewall zones meta ibrvproto 0x8100
nft add rule bridge firewall zones meta ibrpvid 100
Signed-off-by: wenxu <wenxu@ucloud.cn>
---
src/meta.c | 6 ++++++
tests/py/bridge/meta.t | 2 ++
tests/py/bridge/meta.t.json | 26 ++++++++++++++++++++++++++
tests/py/bridge/meta.t.payload | 9 +++++++++
4 files changed, 43 insertions(+)
diff --git a/src/meta.c b/src/meta.c
index 5901c99..d45d757 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -442,6 +442,12 @@ const struct meta_template meta_templates[] = {
[NFT_META_OIFKIND] = META_TEMPLATE("oifkind", &ifname_type,
IFNAMSIZ * BITS_PER_BYTE,
BYTEORDER_HOST_ENDIAN),
+ [NFT_META_BRI_IIFPVID] = META_TEMPLATE("ibrpvid", &integer_type,
+ 2 * BITS_PER_BYTE,
+ BYTEORDER_HOST_ENDIAN),
+ [NFT_META_BRI_IIFVPROTO] = META_TEMPLATE("ibrvproto", &integer_type,
+ 2 * BITS_PER_BYTE,
+ BYTEORDER_HOST_ENDIAN),
};
static bool meta_key_is_unqualified(enum nft_meta_keys key)
diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t
index 88e819f..d9fb681 100644
--- a/tests/py/bridge/meta.t
+++ b/tests/py/bridge/meta.t
@@ -4,3 +4,5 @@
meta obrname "br0";ok
meta ibrname "br0";ok
+meta ibrvproto 0x8100;ok
+meta ibrpvid 100;ok
diff --git a/tests/py/bridge/meta.t.json b/tests/py/bridge/meta.t.json
index 5df4773..0a5e64a 100644
--- a/tests/py/bridge/meta.t.json
+++ b/tests/py/bridge/meta.t.json
@@ -23,3 +23,29 @@
}
}
]
+
+# meta ibrvproto 0x8100
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "ibrvproto" }
+ },
+ "op": "==",
+ "right": 0x8100
+ }
+ }
+]
+
+# meta ibrpvid 100
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "ibrpvid" }
+ },
+ "op": "==",
+ "right": 100
+ }
+ }
+]
diff --git a/tests/py/bridge/meta.t.payload b/tests/py/bridge/meta.t.payload
index 0f0d101..e5793a9 100644
--- a/tests/py/bridge/meta.t.payload
+++ b/tests/py/bridge/meta.t.payload
@@ -8,3 +8,12 @@ bridge test-bridge input
[ meta load bri_iifname => reg 1 ]
[ cmp eq reg 1 0x00307262 0x00000000 0x00000000 0x00000000 ]
+# meta ibrvproto 0x8100
+bridge test-bridge input
+ [ meta load bri_iifvproto => reg 1 ]
+ [ cmp eq reg 1 0x00008100 ]
+
+# meta ibrpvid 100
+bridge test-bridge input
+ [ meta load bri_iifpvid => reg 1 ]
+ [ cmp eq reg 1 0x00000064 ]
--
2.15.1
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH nft v3] meta: add ibrpvid and ibrvproto support
2019-08-16 13:10 [PATCH nft v3] meta: add ibrpvid and ibrvproto support wenxu
@ 2019-08-21 9:14 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-08-21 9:14 UTC (permalink / raw)
To: wenxu; +Cc: netfilter-devel
On Fri, Aug 16, 2019 at 09:10:26PM +0800, wenxu@ucloud.cn wrote:
> From: wenxu <wenxu@ucloud.cn>
>
> This allows you to match the bridge pvid and vlan protocol, for
> instance:
>
> nft add rule bridge firewall zones meta ibrvproto 0x8100
> nft add rule bridge firewall zones meta ibrpvid 100
Still one more nitpick when running tests/py:
bridge/meta.t: WARNING: line 7: 'add rule bridge test-bridge input
meta ibrvproto 0x8100': 'meta ibrvproto 0x8100' mismatches 'meta
ibrvproto 33024'
Please amend and send v4.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-08-21 9:14 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-16 13:10 [PATCH nft v3] meta: add ibrpvid and ibrvproto support wenxu
2019-08-21 9:14 ` Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).