netfilter: nft_meta_bridge: add NFT_META_BRI_IIFPVID support

This patch allows you to match on the bridge port pvid, eg. nft add rule bridge firewall zones counter meta ibrpvid 10 Signed-off-by: wenxu <wenxu@ucloud.cn> Reviewed-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: wenxu <wenxu@ucloud.cn> 2019-07-05 16:16:35 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-07-05 22:34:49 +0300
commit: c54c7c685494fc0f1662091d4d0c4fc26e810471 (patch)
tree: 12b96b788cfda4cd4df84ea2476023b200d6f697 /include/uapi
parent: 7582f5b70f9a2335f3713edb9a2614a50f1f1a90 (diff)
download: linux-c54c7c685494fc0f1662091d4d0c4fc26e810471.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index c53d581643fe..87474920615a 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -795,6 +795,7 @@ enum nft_exthdr_attributes {
  * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
  * @NFT_META_IIFKIND: packet input interface kind name (dev->rtnl_link_ops->kind)
  * @NFT_META_OIFKIND: packet output interface kind name (dev->rtnl_link_ops->kind)
+ * @NFT_META_BRI_IIFPVID: packet input bridge port pvid
  */
 enum nft_meta_keys {
 	NFT_META_LEN,
@@ -825,6 +826,7 @@ enum nft_meta_keys {
 	NFT_META_SECPATH,
 	NFT_META_IIFKIND,
 	NFT_META_OIFKIND,
+	NFT_META_BRI_IIFPVID,
 };
 
 /**
author	wenxu <wenxu@ucloud.cn>	2019-07-05 16:16:35 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-07-05 22:34:49 +0300
commit	c54c7c685494fc0f1662091d4d0c4fc26e810471 (patch)
tree	12b96b788cfda4cd4df84ea2476023b200d6f697 /include/uapi
parent	7582f5b70f9a2335f3713edb9a2614a50f1f1a90 (diff)
download	linux-c54c7c685494fc0f1662091d4d0c4fc26e810471.tar.xz