On 6/19/2019 12:40 AM, Pablo Neira Ayuso wrote:
> On Sat, Jun 15, 2019 at 08:14:21PM +0800, wenxu@xxxxxxxxx wrote:
> [...]
>> +static void nft_bridge_pvid_eval(const struct nft_expr *expr,
>> + struct nft_regs *regs,
>> + const struct nft_pktinfo *pkt)
>> +{
>> + struct sk_buff *skb = pkt->skb;
>> + struct net_bridge_port *p;
>> +
>> + p = br_port_get_rtnl_rcu(skb->dev);
>> +
>> + if (p && br_opt_get(p->br, BROPT_VLAN_ENABLED) &&
>> + !skb_vlan_tag_present(skb)) {
>> + u16 pvid = br_get_pvid(nbp_vlan_group_rcu(p));
>> +
>> + if (pvid)
>> + __vlan_hwaccel_put_tag(skb, p->br->vlan_proto, pvid);
> I see two things here:
>
> #1 Extend new NFT_META_BRIDGE_PVID nft_meta to fetch of 'pvid',
> probably add net/bridge/netfilter/nft_meta_bridge.c for this.

I can get this, it provides a bridge pvid (get meta). But why put it in nft_meta_bridge.c but not nft_meta.c?

>
> #2 Extend nft_meta to allow to set the vlan tag via
> __vlan_hwaccel_put_tag().

Why does this also extend nft_meta? So it's a set meta. Is "vlan id set" not based on nft_payload?

>
> If these two changes are in place, then it should be possible to set
> skbuff vlan id based on the pvid, if this is what you need.
>
> This would allow for:
>
> vlan id set bridge pvid
>
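
Review bot: The only "untagged" test in nft_bridge_pvid_eval() is `!skb_vlan_tag_present(skb)`, which looks at the hardware-accelerated tag in the skb metadata and not at an 802.1Q header still sitting in the payload. A frame that arrives with an in-band tag would therefore pass the check and get the port PVID pushed on top of it via `__vlan_hwaccel_put_tag()`, leaving it double tagged. Consider also comparing `skb->protocol` against `p->br->vlan_proto`, or untagging first, before treating the frame as untagged. Separately, in the visible lines every non-matching case (no bridge port, VLAN filtering off, tag already present, `pvid` of 0) falls through silently, so the rule continues as if the tag had been applied; setting `regs->verdict.code = NFT_BREAK` there, or documenting the no-op, would make the behaviour explicit.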