@@ -793,6 +793,7 @@ enum nft_exthdr_attributes {
* @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
* @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
* @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_TSTAMP_NS: packet arriavl time (skb->tstamp)
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -823,6 +824,7 @@ enum nft_meta_keys {
NFT_META_SECPATH,
NFT_META_IIFKIND,
NFT_META_OIFKIND,
+ NFT_META_TSTAMP_NS,
};
/**
@@ -254,6 +254,11 @@ void nft_meta_get_eval(const struct nft_expr *expr,
goto err;
strncpy((char *)dest, out->rtnl_link_ops->kind, IFNAMSIZ);
break;
+ case NFT_META_TSTAMP_NS:
+ if (skb->tstamp == 0)
+ __net_timestamp((struct sk_buff *)skb);
+ *((u64*)dest) = ktime_to_ns(skb->tstamp);
+ break;
default:
WARN_ON(1);
goto err;
@@ -371,6 +376,9 @@ static int nft_meta_get_init(const struct nft_ctx *ctx,
len = IFNAMSIZ;
break;
#endif
+ case NFT_META_TSTAMP_NS:
+ len = sizeof(u64);
+ break;
default:
return -EOPNOTSUPP;
}
Meta evaluation function is extended to suport NFT_META_TSTAMP_NS option by exposing the 64 bit timestamp of the packet to two 32 bit registers. Signed-off-by: Karuna Grewal <karunagrewal98@gmail.com> --- include/uapi/linux/netfilter/nf_tables.h | 2 ++ net/netfilter/nft_meta.c | 8 ++++++++ 2 files changed, 10 insertions(+)