@@ -1777,6 +1777,8 @@ enum nft_tunnel_key_attributes {
enum nft_tunnel_keys {
NFT_TUNNEL_PATH,
NFT_TUNNEL_ID,
+ NFT_TUNNEL_IPV4_SRC,
+ NFT_TUNNEL_IPV4_DST,
__NFT_TUNNEL_MAX
};
#define NFT_TUNNEL_MAX (__NFT_TUNNEL_MAX - 1)
@@ -31,6 +31,16 @@ static bool nft_tunnel_mode_match(enum nft_tunnel_mode priv_mode,
return false;
}
+static bool nft_tunnel_mode_match_ip(enum nft_tunnel_mode priv_mode,
+ struct ip_tunnel_info *tun_info)
+{
+ if (nft_tunnel_mode_match(priv_mode, tun_info->mode) &&
+ ip_tunnel_info_af(tun_info) == AF_INET)
+ return true;
+
+ return false;
+}
+
static void nft_tunnel_get_eval(const struct nft_expr *expr,
struct nft_regs *regs,
const struct nft_pktinfo *pkt)
@@ -60,6 +70,26 @@ static void nft_tunnel_get_eval(const struct nft_expr *expr,
else
regs->verdict.code = NFT_BREAK;
break;
+ case NFT_TUNNEL_IPV4_SRC:
+ if (!tun_info) {
+ regs->verdict.code = NFT_BREAK;
+ return;
+ }
+ if (nft_tunnel_mode_match_ip(priv->mode, tun_info))
+ *dest = tun_info->key.u.ipv4.src;
+ else
+ regs->verdict.code = NFT_BREAK;
+ break;
+ case NFT_TUNNEL_IPV4_DST:
+ if (!tun_info) {
+ regs->verdict.code = NFT_BREAK;
+ return;
+ }
+ if (nft_tunnel_mode_match_ip(priv->mode, tun_info))
+ *dest = tun_info->key.u.ipv4.dst;
+ else
+ regs->verdict.code = NFT_BREAK;
+ break;
default:
WARN_ON(1);
regs->verdict.code = NFT_BREAK;
@@ -89,6 +119,8 @@ static int nft_tunnel_get_init(const struct nft_ctx *ctx,
len = sizeof(u8);
break;
case NFT_TUNNEL_ID:
+ case NFT_TUNNEL_IPV4_SRC:
+ case NFT_TUNNEL_IPV4_DST:
len = sizeof(u32);
break;
default: