Re: [PATCH netfilter: nft] Add the connmark meta_key

Kristian Evensen <kristian.evensen@xxxxxxxxx> wrote:
> From: Kristian Evensen <kristian.evensen@xxxxxxxxx>
> 
> This patch enables connmark to be set/retrieved using meta
> expressions/statements.
> 
> Signed-off-by: Kristian Evensen <kristian.evensen@xxxxxxxxx>
> ---
>  include/uapi/linux/netfilter/nf_tables.h |  2 ++
>  net/netfilter/nft_meta.c                 | 34 ++++++++++++++++++++++++++++++++
>  2 files changed, 36 insertions(+)
> 
> diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
> index aa86a152..05eaeb9 100644
> --- a/include/uapi/linux/netfilter/nf_tables.h
> +++ b/include/uapi/linux/netfilter/nf_tables.h
> @@ -531,6 +531,7 @@ enum nft_exthdr_attributes {
>   * @NFT_META_NFTRACE: packet nftrace bit
>   * @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid)
>   * @NFT_META_SECMARK: packet secmark (skb->secmark)
> + * @NFT_META_CONNMARK: used to get/set the connection mark
>   */
>  enum nft_meta_keys {
>  	NFT_META_LEN,
> @@ -548,6 +549,7 @@ enum nft_meta_keys {
>  	NFT_META_NFTRACE,
>  	NFT_META_RTCLASSID,
>  	NFT_META_SECMARK,
> +	NFT_META_CONNMARK,
>  };
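Review bot: NFT_META_CONNMARK is added to an enum under include/uapi, so once merged the value is userspace ABI and cannot be moved to a different enum later. Appending it after NFT_META_SECMARK keeps the existing values stable, but the commit message gives no reason for exposing a per-connection value through the meta keys; settle the placement and put the rationale in the changelog before the key is exported.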

This looks wrong, meta is for packet properties.
You should probably use NFT_CT_MARK from nft_ct_keys enum.