[PATCH] [nft] src: Add support for cpu in meta expresion

Ana Rey <anarey@xxxxxxxxx> · Thu, 7 Aug 2014 09:00:57 +0200

This allows you to match cpu handling with a packet.

This is an example of the syntax for this new attribute:

nft add rule ip test input meta cpu 1 counter
nft add rule ip test input meta cpu 1-3 counter
nft add rule ip test input meta cpu { 1, 3} counter

Signed-off-by: Ana Rey <anarey@xxxxxxxxx>
---
 include/linux/netfilter/nf_tables.h |    2 ++
 src/meta.c                          |    3 +++
 src/parser.y                        |    2 ++
 src/scanner.l                       |    1 +
 4 files changed, 8 insertions(+)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index fbc7904..9e67c14 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -536,6 +536,7 @@ enum nft_exthdr_attributes {
  * @NFT_META_BRI_IIFNAME: packet input bridge interface name
  * @NFT_META_BRI_OIFNAME: packet output bridge interface name
  * @NFT_META_PKTTYPE: packet type
+ * @NFT_META_CPU: packet cpu
  */
 enum nft_meta_keys {
 	NFT_META_LEN,
@@ -558,6 +559,7 @@ enum nft_meta_keys {
 	NFT_META_BRI_IIFNAME,
 	NFT_META_BRI_OIFNAME,
 	NFT_META_PKTTYPE,
+	NFT_META_CPU,
 };
 
 /**
diff --git a/src/meta.c b/src/meta.c
index 2c61455..75a16ee 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -393,6 +393,9 @@ static const struct meta_template meta_templates[] = {
 	[NFT_META_PKTTYPE]	= META_TEMPLATE("pkttype",  &pkttype_type,
 						BITS_PER_BYTE,
 						BYTEORDER_HOST_ENDIAN),
+	[NFT_META_CPU]		= META_TEMPLATE("cpu",  &integer_type,
+						BITS_PER_BYTE,
+						BYTEORDER_HOST_ENDIAN),
 };
 
 static void meta_expr_print(const struct expr *expr)
diff --git a/src/parser.y b/src/parser.y
index 6da6e98..bf32c4e 100644
--- a/src/parser.y
+++ b/src/parser.y
@@ -325,6 +325,7 @@ static int monitor_lookup_event(const char *event)
 %token IBRIPORT			"ibriport"
 %token OBRIPORT			"obriport"
 %token PKTTYPE			"pkttype"
+%token CPU			"cpu"
 
 %token CT			"ct"
 %token DIRECTION		"direction"
@@ -1786,6 +1787,7 @@ meta_key_unqualified	:	MARK		{ $$ = NFT_META_MARK; }
 			|	IBRIPORT	{ $$ = NFT_META_BRI_IIFNAME; }
 			|       OBRIPORT	{ $$ = NFT_META_BRI_OIFNAME; }
 			|       PKTTYPE		{ $$ = NFT_META_PKTTYPE; }
+			|       CPU		{ $$ = NFT_META_CPU; }
 			;
 
 meta_stmt		:	META	meta_key	SET	expr
diff --git a/src/scanner.l b/src/scanner.l
index 1d2be76..ad0b58d 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -407,6 +407,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "ibriport"		{ return IBRIPORT; }
 "obriport"		{ return OBRIPORT; }
 "pkttype"		{ return PKTTYPE; }
+"cpu"			{ return CPU; }
 
 "ct"			{ return CT; }
 "direction"		{ return DIRECTION; }
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







