Add devgroup support to let us match device group of a packets incoming
or outgoing interface.
Signed-off-by: Ana Rey <anarey@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
* @NFT_META_BRI_OIFNAME: packet output bridge interface name
* @NFT_META_PKTTYPE: packet type (skb->pkt_type), special handling for loopback
* @NFT_META_CPU: cpu id through smp_processor_id()
+ * @NFT_META_IIFGROUP: packet input interface group
+ * @NFT_META_OIFGROUP: packet output interface group
*/
enum nft_meta_keys {
NFT_META_LEN,
NFT_META_BRI_OIFNAME,
NFT_META_PKTTYPE,
NFT_META_CPU,
+ NFT_META_IIFGROUP,
+ NFT_META_OIFGROUP,
};
/**
case NFT_META_CPU:
dest->data[0] = smp_processor_id();
break;
+ case NFT_META_IIFGROUP:
+ if (in == NULL)
+ goto err;
+ dest->data[0] = in->group;
+ break;
+ case NFT_META_OIFGROUP:
+ if (out == NULL)
+ goto err;
+ dest->data[0] = out->group;
+ break;
default:
WARN_ON(1);
goto err;
#endif
case NFT_META_PKTTYPE:
case NFT_META_CPU:
+ case NFT_META_IIFGROUP:
+ case NFT_META_OIFGROUP:
break;
default:
return -EOPNOTSUPP;
projects / openwrt / staging / blogic.git / commitdiff