For bridge, iifname is the port name, whereas 'ibrport' is the
logical name of the bridge ("br0") the port ("iifname") is enslaved to.
So, 'ibrport' is a misnomer.
libnftl calls these 'bri_iifname' and 'bri_oifname', which is good
but using 'briiifname' in nft is rather ugly, so use 'ibridgename'
and 'obridgename' instead.
Old names are still recognized, listing shows the new names.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
doc/nft.xml | 8 ++++----
src/meta.c | 15 +++++++++++++--
src/parser_bison.y | 2 ++
src/scanner.l | 2 ++
tests/py/bridge/meta.t | 6 ++++++
tests/py/bridge/meta.t.payload | 10 ++++++++++
tests/py/inet/meta.t | 2 ++
tests/py/ip/meta.t | 3 +++
8 files changed, 42 insertions(+), 6 deletions(-)
create mode 100644 tests/py/bridge/meta.t
create mode 100644 tests/py/bridge/meta.t.payload
diff --git a/doc/nft.xml b/doc/nft.xml
index 88d39415820c..47e106900d35 100644
--- a/doc/nft.xml
+++ b/doc/nft.xml
@@ -2738,8 +2738,8 @@ filter output icmpv6 type { echo-request, echo-reply }
<arg>skgid</arg>
<arg>nftrace</arg>
<arg>rtclassid</arg>
- <arg>ibriport</arg>
- <arg>obriport</arg>
+ <arg>ibridgename</arg>
+ <arg>obridgename</arg>
<arg>pkttype</arg>
<arg>cpu</arg>
<arg>iifgroup</arg>
@@ -2853,12 +2853,12 @@ filter output icmpv6 type { echo-request, echo-reply }
<entry>realm</entry>
</row>
<row>
- <entry>ibriport</entry>
+ <entry>ibridgename</entry>
<entry>Input bridge interface name</entry>
<entry>ifname</entry>
</row>
<row>
- <entry>obriport</entry>
+ <entry>obridgename</entry>
<entry>Output bridge interface name</entry>
<entry>ifname</entry>
</row>
diff --git a/src/meta.c b/src/meta.c
index 11de2dab8b9b..f80109641757 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -413,10 +413,10 @@ static const struct meta_template meta_templates[] = {
1 , BYTEORDER_HOST_ENDIAN),
[NFT_META_RTCLASSID] = META_TEMPLATE("rtclassid", &realm_type,
4 * 8, BYTEORDER_HOST_ENDIAN),
- [NFT_META_BRI_IIFNAME] = META_TEMPLATE("ibriport", &ifname_type,
+ [NFT_META_BRI_IIFNAME] = META_TEMPLATE("ibridgename", &ifname_type,
IFNAMSIZ * BITS_PER_BYTE,
BYTEORDER_HOST_ENDIAN),
- [NFT_META_BRI_OIFNAME] = META_TEMPLATE("obriport", &ifname_type,
+ [NFT_META_BRI_OIFNAME] = META_TEMPLATE("obridgename", &ifname_type,
IFNAMSIZ * BITS_PER_BYTE,
BYTEORDER_HOST_ENDIAN),
[NFT_META_PKTTYPE] = META_TEMPLATE("pkttype", &pkttype_type,
@@ -451,6 +451,8 @@ static bool meta_key_is_qualified(enum nft_meta_keys key)
case NFT_META_PRIORITY:
case NFT_META_PRANDOM:
case NFT_META_SECPATH:
+ case NFT_META_BRI_IIFNAME:
+ case NFT_META_BRI_OIFNAME:
return true;
default:
return false;
@@ -652,6 +654,15 @@ struct error_record *meta_key_parse(const struct location *loc,
return NULL;
}
+ /* Backwards compat hack */
+ if (strcmp(str, "ibriport") == 0) {
+ *value = NFT_META_BRI_IIFNAME;
+ return NULL;
+ } else if (strcmp(str, "obriport") == 0) {
+ *value = NFT_META_BRI_OIFNAME;
+ return NULL;
+ }
+
len = (int)sizeof(buf);
size = sizeof(buf);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index f1617eeaf149..ab758cbe86ab 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -395,6 +395,8 @@ int nft_lex(void *, void *, void *);
%token RTCLASSID "rtclassid"
%token IBRIPORT "ibriport"
%token OBRIPORT "obriport"
+%token IBRIDGENAME "ibridgename"
+%token OBRIDGENAME "obridgename"
%token PKTTYPE "pkttype"
%token CPU "cpu"
%token IIFGROUP "iifgroup"
diff --git a/src/scanner.l b/src/scanner.l
index d908a8fefc4f..bb77f3d08d2b 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -486,7 +486,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"nftrace" { return NFTRACE; }
"rtclassid" { return RTCLASSID; }
"ibriport" { return IBRIPORT; }
+"ibridgename" { return IBRIDGENAME; }
"obriport" { return OBRIPORT; }
+"obridgename" { return OBRIDGENAME; }
"pkttype" { return PKTTYPE; }
"cpu" { return CPU; }
"iifgroup" { return IIFGROUP; }
diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t
new file mode 100644
index 000000000000..ed373677a442
--- /dev/null
+++ b/tests/py/bridge/meta.t
@@ -0,0 +1,6 @@
+:input;type filter hook input priority 0
+
+*bridge;test-bridge;input
+
+meta obridgename "br0";ok;meta obridgename "br0"
+meta ibridgename "br0";ok;meta ibridgename "br0"
diff --git a/tests/py/bridge/meta.t.payload b/tests/py/bridge/meta.t.payload
new file mode 100644
index 000000000000..2728c0a5026d
--- /dev/null
+++ b/tests/py/bridge/meta.t.payload
@@ -0,0 +1,10 @@
+# meta obridgename "br0"
+bridge test-bridge input
+ [ meta load bri_oifname => reg 1 ]
+ [ cmp eq reg 1 0x00307262 0x00000000 0x00000000 0x00000000 ]
+
+# meta ibridgename "br0"
+bridge test-bridge input
+ [ meta load bri_iifname => reg 1 ]
+ [ cmp eq reg 1 0x00307262 0x00000000 0x00000000 0x00000000 ]
+
diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t
index d68896dc0b9e..cfde9f32babe 100644
--- a/tests/py/inet/meta.t
+++ b/tests/py/inet/meta.t
@@ -14,3 +14,5 @@ meta nfproto ipv6 meta l4proto tcp;ok;meta nfproto ipv6 meta l4proto 6
meta nfproto ipv4 counter ip saddr 1.2.3.4;ok
meta secpath exists;ok
meta secpath missing;ok
+meta ibridgename "br0";fail
+meta obridgename "br0";fail
diff --git a/tests/py/ip/meta.t b/tests/py/ip/meta.t
index d0682adf1366..c3afae79314c 100644
--- a/tests/py/ip/meta.t
+++ b/tests/py/ip/meta.t
@@ -7,3 +7,6 @@ meta l4proto icmp icmp type echo-request;ok;icmp type echo-request
meta l4proto ipv6-icmp icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert
meta l4proto 58 icmpv6 type nd-router-advert;ok;icmpv6 type nd-router-advert
icmpv6 type nd-router-advert;ok
+
+meta ibridgename "br0";fail
+meta obridgename "br0";fail
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
