libnftnl vlan type filter

Hi,
I am trying to use libnftnl to construct this:

table netdev filter {
        chain in {
                type filter hook ingress device pru20 priority 0; policy accept;
                vlan type 0x88ba
        }
}

I do:
    add_meta(r, NFT_META_IIFTYPE, NFT_REG_1);
    uint32_t iiftype = 1;
    add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &iiftype, sizeof(iiftype));

    add_payload(r, NFT_PAYLOAD_LL_HEADER, NFT_REG_1, 12, sizeof(uint16_t));
    uint16_t vtype = htons(ETH_P_8021Q);
    add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &vtype, sizeof(vtype));

    add_payload(r, NFT_PAYLOAD_LL_HEADER, NFT_REG_1, 16, sizeof(uint16_t));
    uint16_t et = htons(0x88ba);
    add_cmp(r, NFT_REG_1, NFT_CMP_EQ, &et, sizeof(et));

This produces the following rule:
table netdev filter {
        chain in {
                type filter hook ingress device pru20 priority 0; policy drop;
                iiftype ether @ll,96,16 33024 @ll,128,16 35002
        }
}
When I manually add the constructed rule:
# nft add rule netdev filter in iiftype ether @ll,96,16 33024 @ll,128,16 35002

then nft list ruleset translates it correctly, so I assume that this rule is built right:

table netdev filter {
        chain in {
                type filter hook ingress device pru20 priority 0; policy drop;
                iiftype ether @ll,96,16 33024 @ll,128,16 35002 <- constructed with code above
                vlan type 0x88ba <- manually added, same rule as above but translated ok
        }
}

My questions:
- What are the correct enums to use for e.g. iiftype = 1;?
- Is there something like offsetof(struct ???, vlan) which I could use instead of a hardcoded offset?
- Why does list ruleset show the coded rule differently from the manually added one?
- uint16_t vtype = htons(ETH_P_8021Q); it seems weird to use htons here. Is there another enum I should use?

Any help is highly appreciated.
BR
Andy
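
Added example (not part of Andy's message and not libnftnl code): a stand-alone C program that emulates the three comparisons from the post against a constructed VLAN-tagged frame. It takes the byte offsets 12 and 16 (bits 96 and 128 in the "@ll" form) from offsetof() on a hypothetical local struct vlan_eth_hdr, and compares the 16-bit fields as they sit in the frame, in network byte order, which is why htons() is applied to the constants. The names ll_cmp_eq(), match_vlan_type() and sample_frame are assumptions made for this illustration.

```c
#include <arpa/inet.h>    /* htons */
#include <net/ethernet.h> /* ETH_ALEN, ETH_P_8021Q */
#include <net/if_arp.h>   /* ARPHRD_ETHER */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical local struct for an 802.1Q-tagged Ethernet header (not a libnftnl type). */
struct vlan_eth_hdr {
    uint8_t  dst[ETH_ALEN];
    uint8_t  src[ETH_ALEN];
    uint16_t tpid;        /* tag protocol id, 0x8100 on the wire */
    uint16_t tci;         /* priority, DEI, VLAN id */
    uint16_t encap_proto; /* EtherType carried inside the tag */
} __attribute__((packed));

/* Constructed sample frame: VLAN id 5, encapsulated EtherType 0x88ba, 2 payload bytes. */
static const uint8_t sample_frame[] = {
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,  0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x81, 0x00,  0x00, 0x05,  0x88, 0xba,  0x40, 0x00,
};

/* One payload load + cmp eq pair: bounds-checked bytewise compare at a header offset. */
static int ll_cmp_eq(const uint8_t *f, size_t flen, size_t off, const void *want, size_t len)
{
    if (off > flen || len > flen - off)
        return 0; /* field lies outside the frame: treat as no match */
    return memcmp(f + off, want, len) == 0;
}

/* The three comparisons from the post, with offsets taken from the struct. */
static int match_vlan_type(uint16_t iiftype, const uint8_t *f, size_t flen, uint16_t ethertype)
{
    uint16_t tpid = htons(ETH_P_8021Q); /* frame bytes are in network order */
    uint16_t et = htons(ethertype);
    return iiftype == ARPHRD_ETHER &&
           ll_cmp_eq(f, flen, offsetof(struct vlan_eth_hdr, tpid), &tpid, sizeof(tpid)) &&
           ll_cmp_eq(f, flen, offsetof(struct vlan_eth_hdr, encap_proto), &et, sizeof(et));
}

int main(void)
{
    printf("@ll,%zu,16 @ll,%zu,16 match=%d\n", offsetof(struct vlan_eth_hdr, tpid) * 8,
           offsetof(struct vlan_eth_hdr, encap_proto) * 8,
           match_vlan_type(ARPHRD_ETHER, sample_frame, sizeof(sample_frame), 0x88ba));
    return 0;
}
```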




