From: Kristian Evensen <kristian.evensen@xxxxxxxxx>

This patch adds support for the connmark meta key, which enables setting/retrieveing the connection mark of a tracked connection.

Signed-off-by: Kristian Evensen <kristian.evensen@xxxxxxxxx>
---
 include/linux/netfilter/nf_tables.h | 2 ++
 src/expr/meta.c | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index e08f80e..5797501 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -452,6 +452,7 @@ enum nft_exthdr_attributes {
 * @NFT_META_NFTRACE: packet nftrace bit
 * @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid)
 * @NFT_META_SECMARK: packet secmark (skb->secmark)
+ * @NFT_META_CONNMARK: used to get/set the connection mark
 */
 enum nft_meta_keys {
 NFT_META_LEN,
@@ -469,6 +470,7 @@ enum nft_meta_keys {
 NFT_META_NFTRACE,
 NFT_META_RTCLASSID,
 NFT_META_SECMARK,
+ NFT_META_CONNMARK,
 };

 /**
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 6899d69..3264aa1 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -23,7 +23,7 @@
 #include "expr_ops.h"

 #ifndef NFT_META_MAX
-#define NFT_META_MAX (NFT_META_SECMARK + 1)
+#define NFT_META_MAX (NFT_META_CONNMARK + 1)
 #endif

 struct nft_expr_meta {
@@ -152,6 +152,7 @@ const char *meta_key2str_array[NFT_META_MAX] = {
 [NFT_META_NFTRACE] = "nftrace",
 [NFT_META_RTCLASSID] = "rtclassid",
 [NFT_META_SECMARK] = "secmark",
+ [NFT_META_CONNMARK] = "connmark",
 };

 static const char *meta_key2str(uint8_t key)
--
1.8.3.2
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
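Review bot: The kernel-doc line added in the first nf_tables.h hunk does not say where the value lives, while its neighbours name the skb field they read. I would write ` * @NFT_META_CONNMARK: connection mark of the packet's conntrack entry` and state what a get yields when the packet has no tracked connection. In the second hunk `NFT_META_CONNMARK` takes the next free slot in `enum nft_meta_keys`; this file appears to be a local copy of the kernel header, so the number only means "connmark" if the kernel assigns the same one, and a mismatch would make a rule act on a different field than the ruleset author intended. Both the comment block and the enum start outside the hunks.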
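Review bot: `NFT_META_MAX` in the first meta.c hunk remains a hand-maintained bound behind `#ifndef`, and it sizes `meta_key2str_array` in the following hunk, so every new key needs the enum, the define and the table edited in step. A comment above the define such as `/* last value of enum nft_meta_keys + 1; sizes meta_key2str_array */` would make that dependency explicit. `meta_key2str()` begins on the last context line and its body is outside the hunk, so whether it compares `key` with `NFT_META_MAX` before indexing cannot be confirmed here. It is worth checking, since `key` is a `uint8_t` and can hold values larger than the table.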