Re: [PATCH nf-next v3] netfilter:nft_meta: add NFT_META_VLAN support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 7/8/2019 5:20 PM, Nikolay Aleksandrov wrote:
> On 07/07/2019 16:37, wenxu@xxxxxxxxx wrote:
>> From: wenxu <wenxu@xxxxxxxxx>
>>
>> This patch provide a meta vlan to set the vlan tag of the packet.
>>
>> for q-in-q outer vlan id 20:
>> meta vlan set 0x88a8:20
>>
>> set the default 0x8100 vlan type with vlan id 20
>> meta vlan set 20
>>
>> Signed-off-by: wenxu <wenxu@xxxxxxxxx>
>> ---
>>  include/net/netfilter/nft_meta.h         |  5 ++++-
>>  include/uapi/linux/netfilter/nf_tables.h |  4 ++++
>>  net/netfilter/nft_meta.c                 | 27 +++++++++++++++++++++++++++
>>  3 files changed, 35 insertions(+), 1 deletion(-)
>>
> So mac_len is (mostly) only updated at receive, how do you deal with the
> mac header at egress, specifically if it's a locally originating packet ?
> I think it will be 0 and data will be pointing at the network header, take
> NF_INET_LOCAL_OUT for example.

The nft_meta set mode in the bridge family is only limit for NF_BR_PRE_ROUTING( ingress)


static int nft_meta_set_validate(const struct nft_ctx *ctx,
                 const struct nft_expr *expr,
                 const struct nft_data **data)
{
    struct nft_meta *priv = nft_expr_priv(expr);
    unsigned int hooks;

    if (priv->key != NFT_META_PKTTYPE)
        return 0;

    switch (ctx->family) {
    case NFPROTO_BRIDGE:
        hooks = 1 << NF_BR_PRE_ROUTING;
        break;
 

>
>
>
>



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux