From: wenxu <wenxu@xxxxxxxxx>
This allows you to match the bridge pvid and vlan protocol, for
instance:
nft add rule bridge firewall zones meta ibrvproto 0x8100
nft add rule bridge firewall zones meta ibrpvid 100
Signed-off-by: wenxu <wenxu@xxxxxxxxx>
---
src/meta.c | 6 ++++++
tests/py/bridge/meta.t | 2 ++
tests/py/bridge/meta.t.json | 26 ++++++++++++++++++++++++++
3 files changed, 34 insertions(+)
diff --git a/src/meta.c b/src/meta.c
index 5901c99..d45d757 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -442,6 +442,12 @@ const struct meta_template meta_templates[] = {
[NFT_META_OIFKIND] = META_TEMPLATE("oifkind", &ifname_type,
IFNAMSIZ * BITS_PER_BYTE,
BYTEORDER_HOST_ENDIAN),
+ [NFT_META_BRI_IIFPVID] = META_TEMPLATE("ibrpvid", &integer_type,
+ 2 * BITS_PER_BYTE,
+ BYTEORDER_HOST_ENDIAN),
+ [NFT_META_BRI_IIFVPROTO] = META_TEMPLATE("ibrvproto", &integer_type,
+ 2 * BITS_PER_BYTE,
+ BYTEORDER_HOST_ENDIAN),
};
static bool meta_key_is_unqualified(enum nft_meta_keys key)
diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t
index 88e819f..d9fb681 100644
--- a/tests/py/bridge/meta.t
+++ b/tests/py/bridge/meta.t
@@ -4,3 +4,5 @@
meta obrname "br0";ok
meta ibrname "br0";ok
+meta ibrvproto 0x8100;ok
+meta ibrpvid 100;ok
diff --git a/tests/py/bridge/meta.t.json b/tests/py/bridge/meta.t.json
index 5df4773..0a5e64a 100644
--- a/tests/py/bridge/meta.t.json
+++ b/tests/py/bridge/meta.t.json
@@ -23,3 +23,29 @@
}
}
]
+
+# meta ibrvproto 0x8100
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "ibrvproto" }
+ },
+ "op": "==",
+ "right": 0x8100
+ }
+ }
+]
+
+# meta ibrpvid 100
+[
+ {
+ "match": {
+ "left": {
+ "meta": { "key": "ibrpvid" }
+ },
+ "op": "==",
+ "right": 100
+ }
+ }
+]
--
2.15.1
