From: Kristian Evensen <kristian.evensen@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: Kristian Evensen <kristian.evensen@gmail.com>
Subject: [PATCH nftables] Add support for the meta connmark key
Date: Mon, 6 Jan 2014 17:58:39 +0100 [thread overview]
Message-ID: <1389027519-16917-1-git-send-email-kristian.evensen@gmail.com> (raw)
From: Kristian Evensen <kristian.evensen@gmail.com>
This patch adds support for the connmark meta key, so that the connection mark
can be both set and retrieved. By using the get/set operations, connmark
save/restore (from xt_CONNMARK) can be performed as follows:
save:
... meta connmark set "meta mark"
restore:
... meta mark set "meta connmark"
Signed-off-by: Kristian Evensen <kristian.evensen@gmail.com>
---
include/linux/netfilter/nf_tables.h | 2 ++
src/datatype.c | 2 +-
src/meta.c | 2 ++
src/parser.y | 2 ++
src/scanner.l | 1 +
5 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 1d5a925..995ecaa 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -458,6 +458,7 @@ enum nft_exthdr_attributes {
* @NFT_META_NFTRACE: packet nftrace bit
* @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid)
* @NFT_META_SECMARK: packet secmark (skb->secmark)
+ * @NFT_META_CONNMARK: used to get/set the connection mark
*/
enum nft_meta_keys {
NFT_META_LEN,
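Review bot: The kerneldoc line added for NFT_META_CONNMARK describes how the key is used ("used to get/set") instead of what value it carries, unlike the neighbouring entries, which name the field they expose (`skb->secmark`, `skb->dst->tclassid`). A line such as ` * @NFT_META_CONNMARK: connection mark of the packet's conntrack entry` would match them. It would also help to state what a rule sees when the packet has no conntrack entry, since a mark comparison on such a packet decides whether it is filtered. The comment block starts above this hunk.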
@@ -475,6 +476,7 @@ enum nft_meta_keys {
NFT_META_NFTRACE,
NFT_META_RTCLASSID,
NFT_META_SECMARK,
+ NFT_META_CONNMARK,
};
/**
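Review bot: NFT_META_CONNMARK is appended to this userspace copy of the header, but the patch does not reference a kernel change that defines the same enumerator. The position in `enum nft_meta_keys` is presumably the number passed to the kernel, so if the kernel header gives this slot to a different key, a rule written with `meta connmark` would be evaluated against that other key without any error. Naming the matching kernel commit in the description, or adding a comment such as `/* must stay in sync with the kernel's nf_tables.h */` above the enum, would make the dependency visible. The enum begins outside this hunk.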
diff --git a/src/datatype.c b/src/datatype.c
index 2e5788d..084f0cd 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -656,7 +656,7 @@ static struct error_record *mark_type_parse(const struct expr *sym,
const struct datatype mark_type = {
.type = TYPE_MARK,
.name = "mark",
- .desc = "packet mark",
+ .desc = "packet/connection mark",
.size = 4 * BITS_PER_BYTE,
.byteorder = BYTEORDER_HOST_ENDIAN,
.basetype = &integer_type,
diff --git a/src/meta.c b/src/meta.c
index 32f3012..dd041bd 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -329,6 +329,8 @@ static const struct meta_template meta_templates[] = {
4 * 8, BYTEORDER_HOST_ENDIAN),
[NFT_META_SECMARK] = META_TEMPLATE("secmark", &integer_type,
4 * 8, BYTEORDER_HOST_ENDIAN),
+ [NFT_META_CONNMARK] = META_TEMPLATE("connmark", &mark_type,
+ 4 * 8, BYTEORDER_HOST_ENDIAN),
};
static void meta_expr_print(const struct expr *expr)
diff --git a/src/parser.y b/src/parser.y
index 9320f2d..2f35966 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -291,6 +291,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token NFTRACE "nftrace"
%token RTCLASSID "rtclassid"
%token SECMARK "secmark"
+%token CONNMARK "connmark"
%token CT "ct"
%token DIRECTION "direction"
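Review bot: Declaring `%token CONNMARK "connmark"` here, together with the `"connmark"` rule added in src/scanner.l, makes the word a reserved keyword. If these keywords are matched before generic strings, as the scanner layout suggests, an existing ruleset that uses `connmark` as a table, chain or set name would stop parsing after this change, and a firewall that fails to load its ruleset is a worse outcome than a missing feature. The commit message should say that the keyword is newly reserved, and it is worth checking that a quoted name still works as an identifier. The token list continues outside this hunk.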
@@ -1387,6 +1388,7 @@ meta_key : LENGTH { $$ = NFT_META_LEN; }
| NFTRACE { $$ = NFT_META_NFTRACE; }
| RTCLASSID { $$ = NFT_META_RTCLASSID; }
| SECMARK { $$ = NFT_META_SECMARK; }
+ | CONNMARK { $$ = NFT_META_CONNMARK; }
;
meta_stmt : META meta_key SET expr
diff --git a/src/scanner.l b/src/scanner.l
index 8c4f25d..945c14b 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -381,6 +381,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"nftrace" { return NFTRACE; }
"rtclassid" { return RTCLASSID; }
"secmark" { return SECMARK; }
+"connmark" { return CONNMARK; }
"ct" { return CT; }
"direction" { return DIRECTION; }
--
1.8.3.2