git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Thu, 21 Aug 2025 09:12:58 +0000 (11:12 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 27 Aug 2025 21:51:03 +0000 (23:51 +0200)
commit	a937a5dc02db3c919431718c0030c54c2eaafd73
tree	595b58bec9707f5c7c59258fbbc16a40f7bbc04d	tree \| snapshot
parent	ffc40b38d58d3f754d20c0e586981b2f442a247e	commit \| diff

src: add tunnel statement and expression support

This patch allows you to attach tunnel metadata through the tunnel
statement.

The following example shows how to redirect traffic to the erspan0
tunnel device which will take the tunnel configuration that is
specified by the ruleset.

     table netdev x {
            tunnel y {
                    id 10
                    ip saddr 192.168.2.10
                    ip daddr 192.168.2.11
                    sport 10
                    dport 20
                    ttl 10
                    erspan {
                            version 1
                            index 2
                    }
            }

    chain x {
    type filter hook ingress device veth0 priority 0;

    ip daddr 10.141.10.123 tunnel name y fwd to erspan0
    }
     }

This patch also allows to match on tunnel metadata via tunnel expression.

Joint work with Fernando.

Signed-off-by: Fernando Fernandez Mancera <fmancera@suse.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Makefile.am		diff \| blob \| blame \| history
include/expression.h		diff \| blob \| blame \| history
include/tunnel.h	[new file with mode: 0644]	blob
src/evaluate.c		diff \| blob \| blame \| history
src/expression.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/netlink_linearize.c		diff \| blob \| blame \| history
src/parser_bison.y		diff \| blob \| blame \| history
src/scanner.l		diff \| blob \| blame \| history
src/statement.c		diff \| blob \| blame \| history
src/tunnel.c	[new file with mode: 0644]	blob