@@ -296,7 +296,7 @@ A meta statement sets the value of a meta expression. The existing meta fields
are: priority, mark, pkttype, nftrace. +
[verse]
-*meta* {*mark* | *priority* | *pkttype* | *nftrace*} *set* 'value'
+*meta* {*mark* | *priority* | *pkttype* | *nftrace* | *broute*} *set* 'value'
A meta statement sets meta data associated with a packet. +
@@ -316,6 +316,9 @@ pkt_type
|nftrace |
ruleset packet tracing on/off. Use *monitor trace* command to watch traces|
0, 1
+|broute |
+broute on/off. packets are routed instead of being bridged|
+0, 1
|==========================
LIMIT STATEMENT
@@ -931,6 +931,7 @@ enum nft_exthdr_attributes {
* @NFT_META_TIME_HOUR: hour of day (in seconds)
* @NFT_META_SDIF: slave device interface index
* @NFT_META_SDIFNAME: slave device interface name
+ * @NFT_META_BRI_BROUTE: packet br_netfilter_broute bit
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -969,6 +970,7 @@ enum nft_meta_keys {
NFT_META_TIME_HOUR,
NFT_META_SDIF,
NFT_META_SDIFNAME,
+ NFT_META_BRI_BROUTE,
__NFT_META_IIFTYPE,
};
@@ -698,6 +698,8 @@ const struct meta_template meta_templates[] = {
[NFT_META_SDIFNAME] = META_TEMPLATE("sdifname", &ifname_type,
IFNAMSIZ * BITS_PER_BYTE,
BYTEORDER_HOST_ENDIAN),
+ [NFT_META_BRI_BROUTE] = META_TEMPLATE("broute", &integer_type,
+ 1 , BYTEORDER_HOST_ENDIAN),
};
static bool meta_key_is_unqualified(enum nft_meta_keys key)
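Review bot: The new `broute` entry in `meta_templates[]` gives no hint that the key is set-only and bridge-specific, and nothing visible in this hunk restricts it. Rejection outside bridge prerouting therefore presumably relies on the kernel; the tests expect `fail` in an input chain and `ok` in prerouting. Setting this bit hands a frame from bridge forwarding to the routing path, where, as far as I can infer, a different set of chains filters it. I would add a comment above the entry such as `/* set-only; only meaningful in bridge prerouting, enforced kernel-side */` and confirm whether userspace evaluation should reject other families early with a clear error. Separately, `1 ,` has a stray space before the comma that the neighbouring entries do not. The array initializer begins outside this hunk.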
@@ -9,3 +9,5 @@ meta ibrpvid 100;ok
meta protocol ip udp dport 67;ok
meta protocol ip6 udp dport 67;ok
+
+meta broute set 1;fail
@@ -35,3 +35,8 @@ bridge test-bridge input
[ cmp eq reg 1 0x00000011 ]
[ payload load 2b @ transport header + 2 => reg 1 ]
[ cmp eq reg 1 0x00004300 ]
+
+# meta broute set 1
+bridge test-bridge input
+ [ immediate reg 1 0x00000001 ]
+ [ meta set broute with reg 1 ]
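Review bot: The payload entry added here for `meta broute set 1` under `bridge test-bridge input` looks unused, because tests/py/bridge/meta.t marks that same rule `fail`. A rule that is expected to be rejected produces no bytecode to compare. If the harness skips payload lookup for failing rules, as I believe it does, these lines can be dropped. The prerouting payload in redirect.t.payload already records the accepted case.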
new file mode 100644
@@ -0,0 +1,5 @@
+:prerouting;type filter hook prerouting priority 0
+
+*bridge;test-bridge;prerouting
+
+meta broute set 1;ok
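Review bot: Only `meta broute set 1` is exercised in this new test file, so neither the clear path nor the width check is pinned. The template in src/meta.c declares the field as 1 bit wide, so I would add `meta broute set 0;ok` and an out-of-range case such as `meta broute set 2;fail`, which should be rejected at evaluation. Each accepted rule would need matching entries in the .json and .payload files.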
new file mode 100644
@@ -0,0 +1,12 @@
+# meta broute set 1
+[
+ {
+ "mangle": {
+ "key": {
+ "meta": { "key": "broute" }
+ },
+ "value": 1
+ }
+ }
+]
+
new file mode 100644
@@ -0,0 +1,4 @@
+# meta broute set 1
+bridge test-bridge prerouting
+ [ immediate reg 1 0x00000001 ]
+ [ meta set broute with reg 1 ]
nftables userspace tool support for broute meta statement introduced in [1]. [1]: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20230224095251.11249-1-sriram.yagnaraman@est.tech/ Signed-off-by: Sriram Yagnaraman <sriram.yagnaraman@est.tech> --- doc/statements.txt | 5 ++++- include/linux/netfilter/nf_tables.h | 2 ++ src/meta.c | 2 ++ tests/py/bridge/meta.t | 2 ++ tests/py/bridge/meta.t.payload | 5 +++++ tests/py/bridge/redirect.t | 5 +++++ tests/py/bridge/redirect.t.json | 12 ++++++++++++ tests/py/bridge/redirect.t.payload | 4 ++++ 8 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 tests/py/bridge/redirect.t create mode 100644 tests/py/bridge/redirect.t.json create mode 100644 tests/py/bridge/redirect.t.payload