Re: [PATCH nftables] meta: Add support for `time`

[Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>]

On Fri, Mar 08, 2019 at 10:59:44PM +0530, Karuna Grewal wrote:
> meta `time` can be used to match the timestamp of a packet.

Please, add tests for this to tests/py too.

Thanks.

>  include/linux/netfilter/nf_tables.h | 2 ++
>  src/meta.c                          | 3 +++
>  src/parser_bison.y                  | 1 +
>  src/scanner.l                       | 1 +
>  4 files changed, 7 insertions(+)
> 
> diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
> index 37036be0..a20fc966 100644
> --- a/include/linux/netfilter/nf_tables.h
> +++ b/include/linux/netfilter/nf_tables.h
> @@ -791,6 +791,7 @@ enum nft_exthdr_attributes {
>   * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
>   * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
>   * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
> + * @NFT_META_TSTAMP_NS: packet arrival time (skb->tstamp)
>   */
>  enum nft_meta_keys {
>  	NFT_META_LEN,
> @@ -821,6 +822,7 @@ enum nft_meta_keys {
>  	NFT_META_SECPATH,
>  	NFT_META_IIFKIND,
>  	NFT_META_OIFKIND,
> +	NFT_META_TSTAMP_NS,
>  };
>  
>  /**
> diff --git a/src/meta.c b/src/meta.c
> index 7e44a2a3..1b35e508 100644
> --- a/src/meta.c
> +++ b/src/meta.c
> @@ -450,6 +450,9 @@ const struct meta_template meta_templates[] = {
>  	[NFT_META_OIFKIND]	= META_TEMPLATE("oifkind",   &ifname_type,
>  						IFNAMSIZ * BITS_PER_BYTE,
>  						BYTEORDER_HOST_ENDIAN),
> +	[NFT_META_TSTAMP_NS] = META_TEMPLATE("timestamp", &time_type,
> +						8 * BITS_PER_BYTE,
> +						BYTEORDER_HOST_ENDIAN),
>  };
>  
>  static bool meta_key_is_unqualified(enum nft_meta_keys key)
> diff --git a/src/parser_bison.y b/src/parser_bison.y
> index b20be3a8..58914486 100644
> --- a/src/parser_bison.y
> +++ b/src/parser_bison.y
> @@ -3874,6 +3874,7 @@ meta_key_unqualified	:	MARK		{ $$ = NFT_META_MARK; }
>  			|       OIFGROUP	{ $$ = NFT_META_OIFGROUP; }
>  			|       CGROUP		{ $$ = NFT_META_CGROUP; }
>  			|       IPSEC		{ $$ = NFT_META_SECPATH; }
> +			|	TIMESTAMP	{ $$ = NFT_META_TSTAMP_NS; }
>  			;
>  
>  meta_stmt		:	META	meta_key	SET	stmt_expr
> diff --git a/src/scanner.l b/src/scanner.l
> index 6f83aa11..bfb8c558 100644
> --- a/src/scanner.l
> +++ b/src/scanner.l
> @@ -507,6 +507,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
>  "iifgroup"		{ return IIFGROUP; }
>  "oifgroup"		{ return OIFGROUP; }
>  "cgroup"		{ return CGROUP; }
> +"time"			{ return TIMESTAMP; }
>  
>  "classid"		{ return CLASSID; }
>  "nexthop"		{ return NEXTHOP; }
> -- 
> 2.17.1
>