On 7/8/2019 5:20 PM, Nikolay Aleksandrov wrote:
> On 07/07/2019 16:37, wenxu@xxxxxxxxx wrote:
>> From: wenxu <wenxu@xxxxxxxxx>
>>
>> This patch provides a meta vlan to set the vlan tag of the packet.
>>
>> for q-in-q outer vlan id 20:
>> meta vlan set 0x88a8:20
>>
>> set the default 0x8100 vlan type with vlan id 20
>> meta vlan set 20
>>
>> Signed-off-by: wenxu <wenxu@xxxxxxxxx>
>> ---
>>  include/net/netfilter/nft_meta.h         |  5 ++++-
>>  include/uapi/linux/netfilter/nf_tables.h |  4 ++++
>>  net/netfilter/nft_meta.c                 | 27 +++++++++++++++++++++++++++
>>  3 files changed, 35 insertions(+), 1 deletion(-)
>>
> So mac_len is (mostly) only updated at receive, how do you deal with the
> mac header at egress, specifically if it's a locally originating packet?
> I think it will be 0 and data will be pointing at the network header, take
> NF_INET_LOCAL_OUT for example.

The nft_meta set mode in the bridge family is limited to NF_BR_PRE_ROUTING (ingress)

static int nft_meta_set_validate(const struct nft_ctx *ctx,
				 const struct nft_expr *expr,
				 const struct nft_data **data)
{
	struct nft_meta *priv = nft_expr_priv(expr);
	unsigned int hooks;

	if (priv->key != NFT_META_PKTTYPE)
		return 0;

	switch (ctx->family) {
	case NFPROTO_BRIDGE:
		hooks = 1 << NF_BR_PRE_ROUTING;
		break;
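
Added example, not part of the original message or of the kernel source: a userspace C model of the bridge-family branch quoted above, showing which keys actually reach the hook check when the early return is written as quoted. It assumes the elided tail of the function rejects a chain whose hook lies outside the mask with -EOPNOTSUPP; META_VLAN and both function names are hypothetical stand-ins.

```c
/* Userspace model of the quoted validate logic; not kernel code. */
#include <errno.h>
#include <stdio.h>

/* Bridge hook numbers, in the order used by the kernel's bridge netfilter uapi. */
enum { NF_BR_PRE_ROUTING, NF_BR_LOCAL_IN, NF_BR_FORWARD,
       NF_BR_LOCAL_OUT, NF_BR_POST_ROUTING };

/* Constructed key ids; META_VLAN is a hypothetical stand-in for the new key. */
enum meta_key { META_PKTTYPE, META_VLAN };

/* Assumed tail of the function: the chain's hook must be inside the mask. */
static int chain_validate_hooks(unsigned int chain_hook, unsigned int mask)
{
	return ((1u << chain_hook) & mask) ? 0 : -EOPNOTSUPP;
}

/* Mirrors the quoted logic: every key other than pkttype returns early. */
static int meta_set_validate_quoted(enum meta_key key, unsigned int chain_hook)
{
	if (key != META_PKTTYPE)
		return 0;
	return chain_validate_hooks(chain_hook, 1u << NF_BR_PRE_ROUTING);
}

/* Variant in which the VLAN key is also subject to the prerouting-only mask. */
static int meta_set_validate_strict(enum meta_key key, unsigned int chain_hook)
{
	if (key != META_PKTTYPE && key != META_VLAN)
		return 0;
	return chain_validate_hooks(chain_hook, 1u << NF_BR_PRE_ROUTING);
}

int main(void)
{
	printf("quoted: pkttype@LOCAL_OUT -> %d\n",
	       meta_set_validate_quoted(META_PKTTYPE, NF_BR_LOCAL_OUT));
	printf("quoted: vlan@LOCAL_OUT    -> %d\n",
	       meta_set_validate_quoted(META_VLAN, NF_BR_LOCAL_OUT));
	printf("strict: vlan@LOCAL_OUT    -> %d\n",
	       meta_set_validate_strict(META_VLAN, NF_BR_LOCAL_OUT));
	printf("strict: vlan@PRE_ROUTING  -> %d\n",
	       meta_set_validate_strict(META_VLAN, NF_BR_PRE_ROUTING));
	return 0;
}
```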