* [PATCH nftables] meta: Add support for `time`
@ 2019-03-08 17:29 Karuna Grewal
2019-03-08 17:40 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Karuna Grewal @ 2019-03-08 17:29 UTC (permalink / raw)
To: fw; +Cc: netfilter-devel
meta `time` can be used to match the timestamp of a packet.
Signed-off-by: Karuna Grewal <karunagrewal98@gmail.com>
---
include/linux/netfilter/nf_tables.h | 2 ++
src/meta.c | 3 +++
src/parser_bison.y | 1 +
src/scanner.l | 1 +
4 files changed, 7 insertions(+)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 37036be0..a20fc966 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -791,6 +791,7 @@ enum nft_exthdr_attributes {
* @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
* @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
* @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_TSTAMP_NS: packet arrival time (skb->tstamp)
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -821,6 +822,7 @@ enum nft_meta_keys {
NFT_META_SECPATH,
NFT_META_IIFKIND,
NFT_META_OIFKIND,
+ NFT_META_TSTAMP_NS,
};
/**
diff --git a/src/meta.c b/src/meta.c
index 7e44a2a3..1b35e508 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -450,6 +450,9 @@ const struct meta_template meta_templates[] = {
[NFT_META_OIFKIND] = META_TEMPLATE("oifkind", &ifname_type,
IFNAMSIZ * BITS_PER_BYTE,
BYTEORDER_HOST_ENDIAN),
+ [NFT_META_TSTAMP_NS] = META_TEMPLATE("timestamp", &time_type,
+ 8 * BITS_PER_BYTE,
+ BYTEORDER_HOST_ENDIAN),
};
static bool meta_key_is_unqualified(enum nft_meta_keys key)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index b20be3a8..58914486 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3874,6 +3874,7 @@ meta_key_unqualified : MARK { $$ = NFT_META_MARK; }
| OIFGROUP { $$ = NFT_META_OIFGROUP; }
| CGROUP { $$ = NFT_META_CGROUP; }
| IPSEC { $$ = NFT_META_SECPATH; }
+ | TIMESTAMP { $$ = NFT_META_TSTAMP_NS; }
;
meta_stmt : META meta_key SET stmt_expr
diff --git a/src/scanner.l b/src/scanner.l
index 6f83aa11..bfb8c558 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -507,6 +507,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"iifgroup" { return IIFGROUP; }
"oifgroup" { return OIFGROUP; }
"cgroup" { return CGROUP; }
+"time" { return TIMESTAMP; }
"classid" { return CLASSID; }
"nexthop" { return NEXTHOP; }
--
2.17.1
^ permalink raw reply related [flat|nested] 2+ messages in thread* Re: [PATCH nftables] meta: Add support for `time`
2019-03-08 17:29 [PATCH nftables] meta: Add support for `time` Karuna Grewal
@ 2019-03-08 17:40 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2019-03-08 17:40 UTC (permalink / raw)
To: Karuna Grewal; +Cc: fw, netfilter-devel
On Fri, Mar 08, 2019 at 10:59:44PM +0530, Karuna Grewal wrote:
> meta `time` can be used to match the timestamp of a packet.
Please, add tests for this to tests/py too.
Thanks.
> include/linux/netfilter/nf_tables.h | 2 ++
> src/meta.c | 3 +++
> src/parser_bison.y | 1 +
> src/scanner.l | 1 +
> 4 files changed, 7 insertions(+)
>
> diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
> index 37036be0..a20fc966 100644
> --- a/include/linux/netfilter/nf_tables.h
> +++ b/include/linux/netfilter/nf_tables.h
> @@ -791,6 +791,7 @@ enum nft_exthdr_attributes {
> * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
> * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
> * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
> + * @NFT_META_TSTAMP_NS: packet arrival time (skb->tstamp)
> */
> enum nft_meta_keys {
> NFT_META_LEN,
> @@ -821,6 +822,7 @@ enum nft_meta_keys {
> NFT_META_SECPATH,
> NFT_META_IIFKIND,
> NFT_META_OIFKIND,
> + NFT_META_TSTAMP_NS,
> };
>
> /**
> diff --git a/src/meta.c b/src/meta.c
> index 7e44a2a3..1b35e508 100644
> --- a/src/meta.c
> +++ b/src/meta.c
> @@ -450,6 +450,9 @@ const struct meta_template meta_templates[] = {
> [NFT_META_OIFKIND] = META_TEMPLATE("oifkind", &ifname_type,
> IFNAMSIZ * BITS_PER_BYTE,
> BYTEORDER_HOST_ENDIAN),
> + [NFT_META_TSTAMP_NS] = META_TEMPLATE("timestamp", &time_type,
> + 8 * BITS_PER_BYTE,
> + BYTEORDER_HOST_ENDIAN),
> };
>
> static bool meta_key_is_unqualified(enum nft_meta_keys key)
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index b20be3a8..58914486 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -3874,6 +3874,7 @@ meta_key_unqualified : MARK { $$ = NFT_META_MARK; }
> | OIFGROUP { $$ = NFT_META_OIFGROUP; }
> | CGROUP { $$ = NFT_META_CGROUP; }
> | IPSEC { $$ = NFT_META_SECPATH; }
> + | TIMESTAMP { $$ = NFT_META_TSTAMP_NS; }
> ;
>
> meta_stmt : META meta_key SET stmt_expr
> diff --git a/src/scanner.l b/src/scanner.l
> index 6f83aa11..bfb8c558 100644
> --- a/src/scanner.l
> +++ b/src/scanner.l
> @@ -507,6 +507,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
> "iifgroup" { return IIFGROUP; }
> "oifgroup" { return OIFGROUP; }
> "cgroup" { return CGROUP; }
> +"time" { return TIMESTAMP; }
>
> "classid" { return CLASSID; }
> "nexthop" { return NEXTHOP; }
> --
> 2.17.1
>
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-03-08 17:40 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-03-08 17:29 [PATCH nftables] meta: Add support for `time` Karuna Grewal
2019-03-08 17:40 ` Pablo Neira Ayuso
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.