netfilter: nft_meta: add NFT_META_IFTYPE

Generalize NFT_META_IIFTYPE to NFT_META_IFTYPE which allows you to match on the interface type of the skb->dev field. This field is used by the netdev family to add an implicit dependency to skip non-ethernet packets when matching on layer 3 and 4 TCP/IP header fields. For backward compatibility, add the NFT_META_IIFTYPE alias to NFT_META_IFTYPE. Add __NFT_META_IIFTYPE, to be used by userspace in the future to match specifically on the iiftype. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-10-25 16:43:29 +0300
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-11-01 11:29:20 +0300
commit: 56fa95014a0447f798444e626091cbeb3176af24 (patch)
tree: 188f359c246918a4f29ec3f93bd3178a2ac31d0b /include/uapi
parent: b7b1d02fc43925a4d569ec221715db2dfa1ce4f5 (diff)
download: linux-56fa95014a0447f798444e626091cbeb3176af24.tar.xz
1 files changed, 3 insertions, 1 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index e94d1fa554cb..08db4ee06ab6 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -896,7 +896,8 @@ enum nft_meta_keys {
 	NFT_META_OIF,
 	NFT_META_IIFNAME,
 	NFT_META_OIFNAME,
-	NFT_META_IIFTYPE,
+	NFT_META_IFTYPE,
+#define NFT_META_IIFTYPE	NFT_META_IFTYPE
 	NFT_META_OIFTYPE,
 	NFT_META_SKUID,
 	NFT_META_SKGID,
@@ -923,6 +924,7 @@ enum nft_meta_keys {
 	NFT_META_TIME_HOUR,
 	NFT_META_SDIF,
 	NFT_META_SDIFNAME,
+	__NFT_META_IIFTYPE,
 };
 
 /**
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-10-25 16:43:29 +0300
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-11-01 11:29:20 +0300
commit	56fa95014a0447f798444e626091cbeb3176af24 (patch)
tree	188f359c246918a4f29ec3f93bd3178a2ac31d0b /include/uapi
parent	b7b1d02fc43925a4d569ec221715db2dfa1ce4f5 (diff)
download	linux-56fa95014a0447f798444e626091cbeb3176af24.tar.xz