diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2026-03-22 23:51:47 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2026-04-08 07:51:31 +0200 |
| commit | 3785091c6c16a1ce4a5e0460881fc81ed8d2c8a1 (patch) | |
| tree | a7e8dd1f690ad3913a8733d92b557eb4520118d8 /tools/testing/vma/include/git@git.tavy.me:linux.git | |
| parent | a3f1e6a19a5dccb7a29d941b3acee0a3974974f4 (diff) | |
netfilter: nft_meta: add double-tagged vlan and pppoe support
Currently:
add rule netdev x y ip saddr 1.1.1.1
does not work with neither double-tagged vlan nor pppoe packets. This is
because the network and transport header offset are not pointing to the
IP and transport protocol headers in the stack.
This patch expands NFT_META_PROTOCOL and NFT_META_L4PROTO to parse
double-tagged vlan and pppoe packets so matching network and transport
header fields becomes possible with the existing userspace generated
bytecode. Note that this parser only supports double-tagged vlan which
is composed of vlan offload + vlan header in the skb payload area for
simplicity.
NFT_META_PROTOCOL is used by bridge and netdev family as an implicit
dependency in the bytecode to match on network header fields.
Similarly, there is also NFT_META_L4PROTO, which is also used as an
implicit dependency when matching on the transport protocol header
fields.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tools/testing/vma/include/git@git.tavy.me:linux.git')
0 files changed, 0 insertions, 0 deletions