On 2019/10/23 18:16, Pablo Neira Ayuso wrote:
> On Wed, Oct 23, 2019 at 11:49:57AM +0800, wenxu wrote:
>> On 10/22/2019 11:47 PM, Pablo Neira Ayuso wrote:
>>> Hi,
>>>
>>> This is a RFC patchset, untested, to introduce new infrastructure to
>>> specify protocol decapsulation and encapsulation actions. This patchset
>>> comes with initial support for VLAN, eg.
>>>
>>> 1) VLAN decapsulation:
>>>
>>>     ... meta iif . vlan id { eth0 . 10, eth1 . 11} decap vlan
>>>
>>> The decapsulation is a single statement with no extra options.
>> Currently there is no vlan meta match expr. So it is better to
>> extend the meta expr or add new ntf_vlan_get_expr?
> There's nft_payload to get the vlan information.
>

There are some limitations for getting the vlan information through nft_payload:

1. It can't get the inner vlan (cvlan) information.
2. Getting the vlan information is based on the offset on the link header; there is no good way to offload the vlan match expr.