netfilter: nf_tables: nft_meta module get/set ops

This patch adds kernel support for the meta expression in get/set flavour. The set operation indicates that a given packet has to be set with a property, currently one of mark, priority, nftrace. The get op is what was currently working: evaluate the given packet property. In the nftrace case, the value is always 1. Such behaviour is copied from net/netfilter/xt_TRACE.c The NFTA_META_DREG and NFTA_META_SREG attributes are mutually exclusives. Signed-off-by: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com> 2013-12-26 16:38:01 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-12-28 14:02:12 +0100
commit: e035b77ac7be430a5fef8c9c23f60b6b50ec81c5 (patch)
tree: 39b4b80d82ab6a19d394c6ac529f1765230c463b /include/uapi
parent: d8bcc768c80e73cf4e948cb327949174b4b5b9e7 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index b25481e16f0a..aa86a15293e1 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -555,11 +555,13 @@ enum nft_meta_keys {
  *
  * @NFTA_META_DREG: destination register (NLA_U32)
  * @NFTA_META_KEY: meta data item to load (NLA_U32: nft_meta_keys)
+ * @NFTA_META_SREG: source register (NLA_U32)
  */
 enum nft_meta_attributes {
 	NFTA_META_UNSPEC,
 	NFTA_META_DREG,
 	NFTA_META_KEY,
+	NFTA_META_SREG,
 	__NFTA_META_MAX
 };
 #define NFTA_META_MAX		(__NFTA_META_MAX - 1)
author	Arturo Borrero Gonzalez <arturo.borrero.glez@gmail.com>	2013-12-26 16:38:01 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-12-28 14:02:12 +0100
commit	e035b77ac7be430a5fef8c9c23f60b6b50ec81c5 (patch)
tree	39b4b80d82ab6a19d394c6ac529f1765230c463b /include/uapi
parent	d8bcc768c80e73cf4e948cb327949174b4b5b9e7 (diff)