diff options
author | Florian Westphal <fw@strlen.de> | 2018-09-05 11:16:42 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-09-21 12:03:47 +0200 |
commit | 04ca9a6ba3ca369053e9b5951f2f85bf8fe98e72 (patch) | |
tree | e8d68a8efef66f446d90de1183785ad4b0d0522a /src | |
parent | b0d3f3d95c51f506787719021f3dcba5da687dcb (diff) |
src: rt: add support to check if route will perform ipsec transformation
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/parser_bison.y | 2 | ||||
-rw-r--r-- | src/parser_json.c | 1 | ||||
-rw-r--r-- | src/rt.c | 5 | ||||
-rw-r--r-- | src/scanner.l | 1 |
4 files changed, 9 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 85830d88..32d61b3b 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -510,6 +510,7 @@ int nft_lex(void *, void *, void *); %token EXTHDR "exthdr" +%token IPSEC "ipsec" %type <string> identifier type_identifier string comment_spec %destructor { xfree($$); } identifier type_identifier string comment_spec @@ -3830,6 +3831,7 @@ rt_expr : RT rt_key rt_key : CLASSID { $$ = NFT_RT_CLASSID; } | NEXTHOP { $$ = NFT_RT_NEXTHOP4; } | MTU { $$ = NFT_RT_TCPMSS; } + | IPSEC { $$ = NFT_RT_XFRM; } ; ct_expr : CT ct_key diff --git a/src/parser_json.c b/src/parser_json.c index 514bc46b..3f0ab0ac 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -621,6 +621,7 @@ static struct expr *json_parse_rt_expr(struct json_ctx *ctx, { "classid", NFT_RT_CLASSID }, { "nexthop", NFT_RT_NEXTHOP4 }, { "mtu", NFT_RT_TCPMSS }, + { "ipsec", NFT_RT_XFRM }, }; unsigned int i, familyval = NFPROTO_UNSPEC; const char *key, *family = NULL; @@ -79,6 +79,11 @@ const struct rt_template rt_templates[] = { 2 * BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN, false), + [NFT_RT_XFRM] = RT_TEMPLATE("ipsec", + &boolean_type, + BITS_PER_BYTE, + BYTEORDER_HOST_ENDIAN, + false), }; static void rt_expr_print(const struct expr *expr, struct output_ctx *octx) diff --git a/src/scanner.l b/src/scanner.l index 2f45e05b..26e63b9b 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -554,6 +554,7 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) "exthdr" { return EXTHDR; } +"ipsec" { return IPSEC; } {addrstring} { yylval->string = xstrdup(yytext); return STRING; |