@@ -1779,6 +1779,8 @@ enum nft_tunnel_keys {
NFT_TUNNEL_ID,
NFT_TUNNEL_IPV4_SRC,
NFT_TUNNEL_IPV4_DST,
+ NFT_TUNNEL_IPV6_SRC,
+ NFT_TUNNEL_IPV6_DST,
__NFT_TUNNEL_MAX
};
#define NFT_TUNNEL_MAX (__NFT_TUNNEL_MAX - 1)
@@ -41,6 +41,16 @@ static bool nft_tunnel_mode_match_ip(enum nft_tunnel_mode priv_mode,
return false;
}
+static bool nft_tunnel_mode_match_ip6(enum nft_tunnel_mode priv_mode,
+ struct ip_tunnel_info *tun_info)
+{
+ if (nft_tunnel_mode_match(priv_mode, tun_info->mode) &&
+ ip_tunnel_info_af(tun_info) == AF_INET6)
+ return true;
+
+ return false;
+}
+
static void nft_tunnel_get_eval(const struct nft_expr *expr,
struct nft_regs *regs,
const struct nft_pktinfo *pkt)
@@ -90,6 +100,28 @@ static void nft_tunnel_get_eval(const struct nft_expr *expr,
else
regs->verdict.code = NFT_BREAK;
break;
+ case NFT_TUNNEL_IPV6_SRC:
+ if (!tun_info) {
+ regs->verdict.code = NFT_BREAK;
+ return;
+ }
+ if (nft_tunnel_mode_match_ip6(priv->mode, tun_info))
+ memcpy(dest, &tun_info->key.u.ipv6.src,
+ sizeof(struct in6_addr));
+ else
+ regs->verdict.code = NFT_BREAK;
+ break;
+ case NFT_TUNNEL_IPV6_DST:
+ if (!tun_info) {
+ regs->verdict.code = NFT_BREAK;
+ return;
+ }
+ if (nft_tunnel_mode_match_ip6(priv->mode, tun_info))
+ memcpy(dest, &tun_info->key.u.ipv6.dst,
+ sizeof(struct in6_addr));
+ else
+ regs->verdict.code = NFT_BREAK;
+ break;
default:
WARN_ON(1);
regs->verdict.code = NFT_BREAK;
@@ -123,6 +155,10 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx,
case NFT_TUNNEL_IPV4_DST:
len = sizeof(u32);
break;
+ case NFT_TUNNEL_IPV6_SRC:
+ case NFT_TUNNEL_IPV6_DST:
+ len = sizeof(struct in6_addr);
+ break;
default:
return -EOPNOTSUPP;
}