+1

include/net/netfilter/nf_tables.h

reviewed

··· 16 16 const struct nf_hook_ops *ops; 17 17 u8 nhoff; 18 18 u8 thoff; 19 19 + u8 tprot; 19 20 /* for x_tables compatibility */ 20 21 struct xt_action_param xt; 21 22 };

+2 -1

include/net/netfilter/nf_tables_ipv4.h

reviewed

··· 15 15 16 16 nft_set_pktinfo(pkt, ops, skb, in, out); 17 17 18 18 - pkt->xt.thoff = ip_hdrlen(pkt->skb); 19 18 ip = ip_hdr(pkt->skb); 19 19 + pkt->tprot = ip->protocol; 20 20 + pkt->xt.thoff = ip_hdrlen(pkt->skb); 20 21 pkt->xt.fragoff = ntohs(ip->frag_off) & IP_OFFSET; 21 22 } 22 23

+1

include/net/netfilter/nf_tables_ipv6.h

reviewed

··· 21 21 if (protohdr < 0) 22 22 return -1; 23 23 24 24 + pkt->tprot = protohdr; 24 25 pkt->xt.thoff = thoff; 25 26 pkt->xt.fragoff = frag_off; 26 27

+2

include/uapi/linux/netfilter/nf_tables.h

reviewed

··· 532 532 * @NFT_META_RTCLASSID: realm value of packet's route (skb->dst->tclassid) 533 533 * @NFT_META_SECMARK: packet secmark (skb->secmark) 534 534 * @NFT_META_NFPROTO: netfilter protocol 535 535 + * @NFT_META_L4PROTO: layer 4 protocol number 535 536 */ 536 537 enum nft_meta_keys { 537 538 NFT_META_LEN, ··· 551 550 NFT_META_RTCLASSID, 552 551 NFT_META_SECMARK, 553 552 NFT_META_NFPROTO, 553 553 + NFT_META_L4PROTO, 554 554 }; 555 555 556 556 /**

+4

net/netfilter/nft_meta.c

reviewed

··· 46 46 case NFT_META_NFPROTO: 47 47 dest->data[0] = pkt->ops->pf; 48 48 break; 49 49 + case NFT_META_L4PROTO: 50 50 + dest->data[0] = pkt->tprot; 51 51 + break; 49 52 case NFT_META_PRIORITY: 50 53 dest->data[0] = skb->priority; 51 54 break; ··· 188 185 case NFT_META_LEN: 189 186 case NFT_META_PROTOCOL: 190 187 case NFT_META_NFPROTO: 188 188 + case NFT_META_L4PROTO: 191 189 case NFT_META_PRIORITY: 192 190 case NFT_META_MARK: 193 191 case NFT_META_IIF: