From 43146d504c34003fe94389b0717c9f79c6de792d Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Wed, 5 Sep 2018 11:16:40 +0200
Subject: expr: rt: ipsec match support

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/linux/netfilter/nf_tables.h | 2 ++
 src/expr/rt.c                       | 1 +
 2 files changed, 3 insertions(+)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 382ca54..da2dda9 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -825,12 +825,14 @@ enum nft_meta_keys {
  * @NFT_RT_NEXTHOP4: routing nexthop for IPv4
  * @NFT_RT_NEXTHOP6: routing nexthop for IPv6
  * @NFT_RT_TCPMSS: fetch current path tcp mss
+ * @NFT_RT_XFRM: boolean, skb->dst->xfrm != NULL
  */
 enum nft_rt_keys {
 	NFT_RT_CLASSID,
 	NFT_RT_NEXTHOP4,
 	NFT_RT_NEXTHOP6,
 	NFT_RT_TCPMSS,
+	NFT_RT_XFRM,
 	__NFT_RT_MAX
 };
 #define NFT_RT_MAX		(__NFT_RT_MAX - 1)
diff --git a/src/expr/rt.c b/src/expr/rt.c
index c3c92c7..18c3945 100644
--- a/src/expr/rt.c
+++ b/src/expr/rt.c
@@ -117,6 +117,7 @@ static const char *rt_key2str_array[NFT_RT_MAX + 1] = {
 	[NFT_RT_NEXTHOP4]	= "nexthop4",
 	[NFT_RT_NEXTHOP6]	= "nexthop6",
 	[NFT_RT_TCPMSS]		= "tcpmss",
+	[NFT_RT_XFRM]		= "ipsec",
 };
 
 static const char *rt_key2str(uint8_t key)
-- 
cgit v1.2.3