On 04/07/2019 10:22, wenxu@xxxxxxxxx wrote:
> From: wenxu <wenxu@xxxxxxxxx>
>
> nft add table bridge firewall
> nft add chain bridge firewall zones { type filter hook prerouting priority - 300 \; }
> nft add rule bridge firewall zones counter ct zone set vlan id map { 100 : 1, 200 : 2 }
>
> As above set the bridge port with pvid, the received packet doesn't contain
> the vlan tag which means the packet should belong to vlan 200 through pvid.
> With this patch user can get the pvid of bridge ports.
>
> So add the following rule as the first rule in the chain of zones.
>
> nft add rule bridge firewall zones counter meta vlan set meta briifpvid
>
> Signed-off-by: wenxu <wenxu@xxxxxxxxx>
> ---
> include/uapi/linux/netfilter/nf_tables.h | 2 ++
> net/bridge/netfilter/nft_meta_bridge.c | 15 +++++++++++++++
> 2 files changed, 17 insertions(+)

Reviewed-by: Nikolay Aleksandrov <nikolay@xxxxxxxxxxxxxxxxxxx>
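The ruleset the commit message describes, written out as one nft script so the ordering is explicit. This is an added example, not code from the thread or from the patch itself; it assumes the `meta briifpvid` keyword exactly as written in the message (the userspace syntax that goes with this kernel change) and a bridge port whose PVID is 200.

```nft
#!/usr/sbin/nft -f
# Added example (not part of the thread). Assumes the 'meta briifpvid'
# keyword as spelled in the message and a bridge port with PVID 200.
table bridge firewall {
    chain zones {
        type filter hook prerouting priority -300; policy accept;

        # Untagged frames entering on a PVID port carry no 802.1Q tag, so
        # 'vlan id' would not match them. Give them the ingress port's pvid
        # first; this must be the first rule in the chain.
        counter meta vlan set meta briifpvid

        # Now every frame has a vlan id, tagged or not, and the map assigns
        # the conntrack zone for it (vlan 200 -> zone 2, vlan 100 -> zone 1).
        counter ct zone set vlan id map { 100 : 1, 200 : 2 }
    }
}
```

Load it with `nft -f` on a kernel carrying this change and compare the two `counter` values with `nft list chain bridge firewall zones`: untagged frames received on the PVID port should now be counted by both rules rather than only by the first.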