meta: Add support for input and output bridge interface name

Add support to get an input or output bridge interface name through the
relevant meta keys.

Signed-off-by: Tomasz Bursztyka <tomasz.bursztyka@linux.intel.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index ff9b0a732b88d267eed465d46b011ea684cdf9a8..a5f8ec05f8a78cc9b80a7dfb38fe82aaa45550fa 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -533,6 +533,8 @@ enum nft_exthdr_attributes {
  * @NFT_META_SECMARK: packet secmark (skb->secmark)
  * @NFT_META_NFPROTO: netfilter protocol
  * @NFT_META_L4PROTO: layer 4 protocol number
+ * @NFT_META_BRI_IIFNAME: packet input bridge interface name
+ * @NFT_META_BRI_OIFNAME: packet output bridge interface name
  */
 enum nft_meta_keys {
        NFT_META_LEN,
@@ -552,6 +554,8 @@ enum nft_meta_keys {
        NFT_META_SECMARK,
        NFT_META_NFPROTO,
        NFT_META_L4PROTO,
+       NFT_META_BRI_IIFNAME,
+       NFT_META_BRI_OIFNAME,
 };
 
 /**

diff --git a/src/meta.c b/src/meta.c
index 173040ef6ae2f1946c222176d7775b2d738e766c..80f88ffbb7ad0ca0163cd8b7b0770b06a0587420 100644 (file)
--- a/src/meta.c
+++ b/src/meta.c
@@ -332,6 +332,12 @@ static const struct meta_template meta_templates[] = {
                                                1    , BYTEORDER_HOST_ENDIAN),
        [NFT_META_RTCLASSID]    = META_TEMPLATE("rtclassid", &realm_type,
                                                4 * 8, BYTEORDER_HOST_ENDIAN),
+       [NFT_META_BRI_IIFNAME]  = META_TEMPLATE("ibriport",  &string_type,
+                                               IFNAMSIZ * BITS_PER_BYTE,
+                                               BYTEORDER_HOST_ENDIAN),
+       [NFT_META_BRI_OIFNAME]  = META_TEMPLATE("obriport",  &string_type,
+                                               IFNAMSIZ * BITS_PER_BYTE,
+                                               BYTEORDER_HOST_ENDIAN),
 };
 
 static void meta_expr_print(const struct expr *expr)

diff --git a/src/parser.y b/src/parser.y
index de5c0edf50450ec0affc20c1f222b057d85371ab..010cf9c38149d80adb9ab6e88976da134d954566 100644 (file)
--- a/src/parser.y
+++ b/src/parser.y
@@ -304,6 +304,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
 %token SKGID                   "skgid"
 %token NFTRACE                 "nftrace"
 %token RTCLASSID               "rtclassid"
+%token IBRIPORT                        "ibriport"
+%token OBRIPORT                        "obriport"
 
 %token CT                      "ct"
 %token DIRECTION               "direction"
@@ -1563,6 +1565,8 @@ meta_key_unqualified      :       MARK            { $$ = NFT_META_MARK; }
                        |       SKGID           { $$ = NFT_META_SKGID; }
                        |       NFTRACE         { $$ = NFT_META_NFTRACE; }
                        |       RTCLASSID       { $$ = NFT_META_RTCLASSID; }
+                       |       IBRIPORT        { $$ = NFT_META_BRI_IIFNAME; }
+                       |       OBRIPORT        { $$ = NFT_META_BRI_OIFNAME; }
                        ;
 
 meta_stmt              :       META    meta_key        SET     expr

diff --git a/src/scanner.l b/src/scanner.l
index 47c5933c56e5762fa886299abb30a6beec84256c..69d6b8f8e57e0867b452b96d5ff051af9b4e6999 100644 (file)
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -402,6 +402,8 @@ addrstring  ({macaddr}|{ip4addr}|{ip6addr})
 "skgid"                        { return SKGID; }
 "nftrace"              { return NFTRACE; }
 "rtclassid"            { return RTCLASSID; }
+"ibriport"             { return IBRIPORT; }
+"obriport"             { return OBRIPORT; }
 
 "ct"                   { return CT; }
 "direction"            { return DIRECTION; }