src: add dup statement for netdev

This patch contains the missing chunk to add support for the netdev
family. Part of the support slipped through in the original patch to
add the dup statement for IPv4 and IPv6.

 # nft add table netdev filter
 # nft add chain netdev filter ingress { type filter hook ingress device eth0 priority 0\; }
 # nft add rule netdev filter ingress dup to dummy0

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 6277f14e8fc215b3f3a7d98401c42c378559397d..ce132e3c84c588a1ec59b3bc13fbe0402976a3d3 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1864,6 +1864,21 @@ static int stmt_evaluate_dup(struct eval_ctx *ctx, struct stmt *stmt)
                                return err;
                }
                break;
+       case NFPROTO_NETDEV:
+               if (stmt->dup.to == NULL)
+                       return stmt_error(ctx, stmt,
+                                         "missing destination interface");
+               if (stmt->dup.dev != NULL)
+                       return stmt_error(ctx, stmt, "cannot specify device");
+
+               err = stmt_evaluate_arg(ctx, stmt, &ifindex_type,
+                                       sizeof(uint32_t) * BITS_PER_BYTE,
+                                       &stmt->dup.to);
+               if (err < 0)
+                       return err;
+               break;
+       default:
+               return stmt_error(ctx, stmt, "unsupported family");
        }
        return 0;
 }

diff --git a/tests/py/any/dup.t b/tests/py/any/dup.t
new file mode 100644 (file)
index 0000000..7df24a1
--- /dev/null
+++ b/tests/py/any/dup.t
@@ -0,0 +1,7 @@
+:ingress;type filter hook ingress device lo priority 0
+
+*netdev;test-netdev;ingress
+
+dup to lo;ok
+dup to mark map { 0x00000001 : lo, 0x00000002 : lo};ok
+

diff --git a/tests/py/any/dup.t.payload b/tests/py/any/dup.t.payload
new file mode 100644 (file)
index 0000000..206a9ec
--- /dev/null
+++ b/tests/py/any/dup.t.payload
@@ -0,0 +1,14 @@
+# dup to lo
+netdev test-netdev ingress 
+  [ immediate reg 1 0x00000001 ]
+  [ dup sreg_dev 1 ]
+
+# dup to mark map { 0x00000001 : lo, 0x00000002 : lo}
+map%d test-netdev b
+map%d test-netdev 0
+       element 00000001  : 00000001 0 [end]    element 00000002  : 00000001 0 [end]
+netdev test-netdev ingress 
+  [ meta load mark => reg 1 ]
+  [ lookup reg 1 set map%d dreg 1 ]
+  [ dup sreg_dev 1 ]
+