From: wenxu <wenxu@xxxxxxxxx> This allows you to match the bridge pvid and vlan protocol, for instance: nft add rule bridge firewall zones meta ibrvproto 0x8100 nft add rule bridge firewall zones meta ibrpvid 100 Signed-off-by: wenxu <wenxu@xxxxxxxxx> --- src/meta.c | 6 ++++++ tests/py/bridge/meta.t | 2 ++ tests/py/bridge/meta.t.json | 26 ++++++++++++++++++++++++++ tests/py/bridge/meta.t.payload | 9 +++++++++ 4 files changed, 43 insertions(+) diff --git a/src/meta.c b/src/meta.c index 5901c99..d45d757 100644 --- a/src/meta.c +++ b/src/meta.c @@ -442,6 +442,12 @@ const struct meta_template meta_templates[] = { [NFT_META_OIFKIND] = META_TEMPLATE("oifkind", &ifname_type, IFNAMSIZ * BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), + [NFT_META_BRI_IIFPVID] = META_TEMPLATE("ibrpvid", &integer_type, + 2 * BITS_PER_BYTE, + BYTEORDER_HOST_ENDIAN), + [NFT_META_BRI_IIFVPROTO] = META_TEMPLATE("ibrvproto", &integer_type, + 2 * BITS_PER_BYTE, + BYTEORDER_HOST_ENDIAN), }; static bool meta_key_is_unqualified(enum nft_meta_keys key) diff --git a/tests/py/bridge/meta.t b/tests/py/bridge/meta.t index 88e819f..d9fb681 100644 --- a/tests/py/bridge/meta.t +++ b/tests/py/bridge/meta.t @@ -4,3 +4,5 @@ meta obrname "br0";ok meta ibrname "br0";ok +meta ibrvproto 0x8100;ok +meta ibrpvid 100;ok diff --git a/tests/py/bridge/meta.t.json b/tests/py/bridge/meta.t.json index 5df4773..0a5e64a 100644 --- a/tests/py/bridge/meta.t.json +++ b/tests/py/bridge/meta.t.json @@ -23,3 +23,29 @@ } } ] + +# meta ibrvproto 0x8100 +[ + { + "match": { + "left": { + "meta": { "key": "ibrvproto" } + }, + "op": "==", + "right": 0x8100 + } + } +] + +# meta ibrpvid 100 +[ + { + "match": { + "left": { + "meta": { "key": "ibrpvid" } + }, + "op": "==", + "right": 100 + } + } +] diff --git a/tests/py/bridge/meta.t.payload b/tests/py/bridge/meta.t.payload index 0f0d101..e5793a9 100644 --- a/tests/py/bridge/meta.t.payload +++ b/tests/py/bridge/meta.t.payload @@ -8,3 +8,12 @@ bridge test-bridge input [ meta load bri_iifname => reg 1 ] [ cmp eq reg 1 0x00307262 0x00000000 0x00000000 0x00000000 ] +# meta ibrvproto 0x8100 +bridge test-bridge input + [ meta load bri_iifvproto => reg 1 ] + [ cmp eq reg 1 0x00008100 ] + +# meta ibrpvid 100 +bridge test-bridge input + [ meta load bri_iifpvid => reg 1 ] + [ cmp eq reg 1 0x00000064 ] -- 2.15.1