[PATCH nft v2] meta: introduce broute expression

[PATCH nft v2] meta: introduce broute expression

[Sriram Yagnaraman]

nft userspace tool support broute meta statment proposed in [1].

[1]: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230224095251.11249-1-sriram.yagnaraman@est.tech/

Signed-off-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
---
 doc/statements.txt                  | 5 ++++-
 include/linux/netfilter/nf_tables.h | 2 ++
 src/meta.c                          | 2 ++
 3 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/doc/statements.txt b/doc/statements.txt
index 0532b2b1..4e7e2654 100644
--- a/doc/statements.txt
+++ b/doc/statements.txt
@@ -296,7 +296,7 @@ A meta statement sets the value of a meta expression. The existing meta fields
 are: priority, mark, pkttype, nftrace. +
 
 [verse]
-*meta* {*mark* | *priority* | *pkttype* | *nftrace*} *set* 'value'
+*meta* {*mark* | *priority* | *pkttype* | *nftrace* | *broute*} *set* 'value'
 
 A meta statement sets meta data associated with a packet. +
 
@@ -316,6 +316,9 @@ pkt_type
 |nftrace |
 ruleset packet tracing on/off. Use *monitor trace* command to watch traces|
 0, 1
+|broute |
+broute on/off. packets are routed instead of being bridged|
+0, 1
 |==========================
 
 LIMIT STATEMENT
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index ff677f3a..9c6f02c2 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -931,6 +931,7 @@ enum nft_exthdr_attributes {
  * @NFT_META_TIME_HOUR: hour of day (in seconds)
  * @NFT_META_SDIF: slave device interface index
  * @NFT_META_SDIFNAME: slave device interface name
+ * @NFT_META_BRI_BROUTE: packet br_netfilter_broute bit
  */
 enum nft_meta_keys {
 	NFT_META_LEN,
@@ -969,6 +970,7 @@ enum nft_meta_keys {
 	NFT_META_TIME_HOUR,
 	NFT_META_SDIF,
 	NFT_META_SDIFNAME,
+	NFT_META_BRI_BROUTE,
 	__NFT_META_IIFTYPE,
 };
 
diff --git a/src/meta.c b/src/meta.c
index 013e8cba..6f9ed06b 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -698,6 +698,8 @@ const struct meta_template meta_templates[] = {
 	[NFT_META_SDIFNAME]	= META_TEMPLATE("sdifname", &ifname_type,
 						IFNAMSIZ * BITS_PER_BYTE,
 						BYTEORDER_HOST_ENDIAN),
+	[NFT_META_BRI_BROUTE]	= META_TEMPLATE("broute",   &integer_type,
+						1    , BYTEORDER_HOST_ENDIAN),
 };
 
 static bool meta_key_is_unqualified(enum nft_meta_keys key)
-- 
2.34.1

Re: [PATCH nft v2] meta: introduce broute expression

[Florian Westphal]

Sriram Yagnaraman <sriram.yagnaraman@est.tech> wrote:
> nft userspace tool support broute meta statment proposed in [1].
> 
> [1]: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230224095251.11249-1-sriram.yagnaraman@est.tech/

LGTM.

Can you make a followup patch that adds a test case to
tests/py/bridge/meta.t

and a new test file, e.g.
tests/py/bridge/redirect.t ?

First one is expected to fail (only input is tested),
but second one should pass.

Make sure this works with -j (json as well).

Thanks.

RE: [PATCH nft v2] meta: introduce broute expression

[Sriram Yagnaraman]

> -----Original Message-----
> From: Florian Westphal <fw@strlen.de>
> Sent: Friday, 24 February 2023 11:49
> To: Sriram Yagnaraman <sriram.yagnaraman@est.tech>
> Cc: netfilter-devel@vger.kernel.org; Florian Westphal <fw@strlen.de>; Pablo
> Neira Ayuso <pablo@netfilter.org>
> Subject: Re: [PATCH nft v2] meta: introduce broute expression
> 
> Sriram Yagnaraman <sriram.yagnaraman@est.tech> wrote:
> > nft userspace tool support broute meta statment proposed in [1].
> >
> > [1]:
> > https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230224095
> > 251.11249-1-sriram.yagnaraman@est.tech/
> 
> LGTM.
> 
> Can you make a followup patch that adds a test case to
> tests/py/bridge/meta.t
> 
> and a new test file, e.g.
> tests/py/bridge/redirect.t ?
> 
> First one is expected to fail (only input is tested), but second one should pass.
> 
> Make sure this works with -j (json as well).
> 
> Thanks.

Thank you for the reviews.
I have now added the tests in v3, I hope I have got them right.