| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20190627191250.jttcfmt5uv7y536x@salvia>
Date: Thu, 27 Jun 2019 21:12:50 +0200
From: Pablo Neira Ayuso <pablo@...filter.org>
To: wenxu@...oud.cn
Cc: fw@...len.de, netfilter-devel@...r.kernel.org,
netdev@...r.kernel.org
Subject: Re: [PATCH 1/2 nf-next v2] netfilter: nft_meta: add
NFT_META_BRI_O/IIFVPROTO support
On Thu, Jun 27, 2019 at 09:07:14PM +0800, wenxu@...oud.cn wrote:
> From: wenxu <wenxu@...oud.cn>
>
> This patch provide a meta to get the bridge vlan proto
>
> nft add rule bridge firewall zones counter meta br_iifvproto 0x8100
>
> Signed-off-by: wenxu <wenxu@...oud.cn>
> ---
> include/uapi/linux/netfilter/nf_tables.h | 4 ++++
> net/netfilter/nft_meta.c | 18 ++++++++++++++++++
> 2 files changed, 22 insertions(+)
>
> diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
> index 8859535..0f75a6d 100644
> --- a/include/uapi/linux/netfilter/nf_tables.h
> +++ b/include/uapi/linux/netfilter/nf_tables.h
> @@ -796,6 +796,8 @@ enum nft_exthdr_attributes {
> * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
> * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
> * @NFT_META_BRI_PVID: packet input bridge port pvid
An initial patch to re-name NFT_META_BRI_PVID to NFT_META_BRI_IIFVID
would be good, and to add NFT_META_BRI_OIFVID... if you have a usecase
for this, of course.
Thanks.
Powered by blists - more mailing lists