Meta evaluation function is extended to suport NFT_META_TSTAMP_NS option
by exposing the 64 bit timestamp of the packet to two 32 bit registers.
Signed-off-by: Karuna Grewal <karunagrewal98@xxxxxxxxx>
---
include/uapi/linux/netfilter/nf_tables.h | 2 ++
net/netfilter/nft_meta.c | 9 +++++++++
2 files changed, 11 insertions(+)
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index a66c8de006cc..61f8f604c614 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -793,6 +793,7 @@ enum nft_exthdr_attributes {
* @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
* @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
* @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_TSTAMP_NS: packet arrival time (skb->tstamp)
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -823,6 +824,7 @@ enum nft_meta_keys {
NFT_META_SECPATH,
NFT_META_IIFKIND,
NFT_META_OIFKIND,
+ NFT_META_TSTAMP_NS
};
/**
diff --git a/net/netfilter/nft_meta.c b/net/netfilter/nft_meta.c
index 987d2d6ce624..adfa1f221946 100644
--- a/net/netfilter/nft_meta.c
+++ b/net/netfilter/nft_meta.c
@@ -254,6 +254,13 @@ void nft_meta_get_eval(const struct nft_expr *expr,
goto err;
strncpy((char *)dest, out->rtnl_link_ops->kind, IFNAMSIZ);
break;
+ case NFT_META_TSTAMP_NS:
+ if (skb->tstamp == 0)
+ __net_timestamp((struct sk_buff *)skb);
+ u64 timestamp = ktime_to_ns(skb->tstamp);
+ *dest = (u32)(timestamp >> 32);
+ *(dest + 1) = (u32) timestamp;
+ break;
default:
WARN_ON(1);
goto err;
@@ -371,6 +378,8 @@ static int nft_meta_get_init(const struct nft_ctx *ctx,
len = IFNAMSIZ;
break;
#endif
+ case NFT_META_TSTAMP_NS:
+ len = sizeof(u64);
default:
return -EOPNOTSUPP;
}
--
2.17.1
