From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [PATCH nft 1/2] src: add dup statement for netdev
Date: Wed, 20 Jan 2016 14:44:16 +0100 [thread overview]
Message-ID: <1453297457-11357-1-git-send-email-pablo@netfilter.org> (raw)
This patch contains the missing chunk to add support for the netdev
family. Part of the support slipped through in the original patch to
add the dup statement for IPv4 and IPv6.
# nft add table netdev filter
# nft add chain netdev filter ingress { type filter hook ingress device eth0 priority 0\; }
# nft add rule netdev filter ingress dup to dummy0
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/evaluate.c | 15 +++++++++++++++
tests/py/any/dup.t | 7 +++++++
tests/py/any/dup.t.payload | 14 ++++++++++++++
3 files changed, 36 insertions(+)
create mode 100644 tests/py/any/dup.t
create mode 100644 tests/py/any/dup.t.payload
diff --git a/src/evaluate.c b/src/evaluate.c
index 6277f14..ce132e3 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1864,6 +1864,21 @@ static int stmt_evaluate_dup(struct eval_ctx *ctx, struct stmt *stmt)
return err;
}
break;
+ case NFPROTO_NETDEV:
+ if (stmt->dup.to == NULL)
+ return stmt_error(ctx, stmt,
+ "missing destination interface");
+ if (stmt->dup.dev != NULL)
+ return stmt_error(ctx, stmt, "cannot specify device");
+
+ err = stmt_evaluate_arg(ctx, stmt, &ifindex_type,
+ sizeof(uint32_t) * BITS_PER_BYTE,
+ &stmt->dup.to);
+ if (err < 0)
+ return err;
+ break;
+ default:
+ return stmt_error(ctx, stmt, "unsupported family");
}
return 0;
}
diff --git a/tests/py/any/dup.t b/tests/py/any/dup.t
new file mode 100644
index 0000000..7df24a1
--- /dev/null
+++ b/tests/py/any/dup.t
@@ -0,0 +1,7 @@
+:ingress;type filter hook ingress device lo priority 0
+
+*netdev;test-netdev;ingress
+
+dup to lo;ok
+dup to mark map { 0x00000001 : lo, 0x00000002 : lo};ok
+
diff --git a/tests/py/any/dup.t.payload b/tests/py/any/dup.t.payload
new file mode 100644
index 0000000..206a9ec
--- /dev/null
+++ b/tests/py/any/dup.t.payload
@@ -0,0 +1,14 @@
+# dup to lo
+netdev test-netdev ingress
+ [ immediate reg 1 0x00000001 ]
+ [ dup sreg_dev 1 ]
+
+# dup to mark map { 0x00000001 : lo, 0x00000002 : lo}
+map%d test-netdev b
+map%d test-netdev 0
+ element 00000001 : 00000001 0 [end] element 00000002 : 00000001 0 [end]
+netdev test-netdev ingress
+ [ meta load mark => reg 1 ]
+ [ lookup reg 1 set map%d dreg 1 ]
+ [ dup sreg_dev 1 ]
+
--
2.1.4
next reply other threads:[~2016-01-20 13:44 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-20 13:44 Pablo Neira Ayuso [this message]
2016-01-20 13:44 ` [PATCH nft 2/2] src: add fwd statement for netdev Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1453297457-11357-1-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).