projects / platform / kernel / linux-rpi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0e795b3) | patch
netfilter: nft_meta: add inner match support
authorPablo Neira Ayuso <pablo@netfilter.org>
Mon, 17 Oct 2022 11:03:33 +0000 (13:03 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 25 Oct 2022 11:48:42 +0000 (13:48 +0200)
commita150d122b6bdb84df532057aa3b2faf8c6485792
tree35293ab12ec1addca9159e2e30dbded64aafaa03tree | snapshot
parent0e795b37ba044893107f887b037594645a6fc584commit | diff
netfilter: nft_meta: add inner match support

Add support for inner meta matching on:

- NFT_META_PROTOCOL: to match on the ethertype, this can be used
  regardless tunnel protocol provides no link layer header, in that case
  nft_inner sets on the ethertype based on the IP header version field.
- NFT_META_L4PROTO: to match on the layer 4 protocol.

These meta expression are usually autogenerated as dependencies by
userspace nftables.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
include/net/netfilter/nft_meta.h diff | blob | history
net/netfilter/nft_inner.c diff | blob | history
net/netfilter/nft_meta.c diff | blob | history
Domain: System / Kernel;