On Wed, Dec 18, 2019 at 12:05:12PM +0100, Florian Westphal wrote: > Martin Willi recently proposed addition of new xt_slavedev module to > allow matching the real interface within a VRF domain. > > This adds an nft equivalent: > > meta sdif "realdev" accept > meta sdifname "realdev" accept > > In case packet had no vrf slave, sdif stores 0 or "" name, just > like 'oif/oifname' would on input. > > sdif(name) is restricted to the ipv4/ipv6 input and forward hooks, > as it depends on ip(6) stack parsing/storing info in skb->cb[]. > > Because meta main eval function is now exceeding more than 200 LOC, > the first patches are diet work to debloat the function by using > helpers where appropriate. > > Last patch adds the sdif/sdifname functionality. Series applied, thanks Florian.
