On 12/18/19 4:05 AM, Florian Westphal wrote: > Allow to match on vrf slave ifindex or name. > > In case there was no slave interface involved, store 0 in the > destination register just like existing iif/oif matching. > > sdif(name) is restricted to the ipv4/ipv6 input and forward hooks, > as it depends on ip(6) stack parsing/storing info in skb->cb[]. > > Cc: Martin Willi <martin@xxxxxxxxxxxxxx> > Cc: David Ahern <dsahern@xxxxxxxxxx> > Cc: Shrijeet Mukherjee <shrijeet@xxxxxxxxx> > Signed-off-by: Florian Westphal <fw@xxxxxxxxx> > --- > include/uapi/linux/netfilter/nf_tables.h | 4 ++ > net/netfilter/nft_meta.c | 76 +++++++++++++++++++++--- > 2 files changed, 73 insertions(+), 7 deletions(-) > do you have an example that you can share?
