summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--doc/primary-expression.txt6
-rw-r--r--src/meta.c5
-rw-r--r--src/parser_bison.y1
-rw-r--r--tests/py/inet/meta.t4
-rw-r--r--tests/py/inet/meta.t.payload2
5 files changed, 11 insertions, 7 deletions
diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt
index f217f839..6db7edae 100644
--- a/doc/primary-expression.txt
+++ b/doc/primary-expression.txt
@@ -4,7 +4,7 @@ META EXPRESSIONS
*meta* {length | nfproto | l4proto | protocol | priority}
[meta] {mark | iif | iifname | iiftype | oif | oifname | oiftype |
skuid | skgid | nftrace | rtclassid | ibrname | obrname | pkttype | cpu
-| iifgroup | oifgroup | cgroup | random | secpath}
+| iifgroup | oifgroup | cgroup | random | ipsec}
A meta expression refers to meta data associated with a packet.
@@ -88,7 +88,7 @@ integer (32 bit)
|random|
pseudo-random number|
integer (32 bit)
-|secpath|
+|ipsec|
boolean|
boolean (1 bit)
|====================
@@ -125,7 +125,7 @@ filter output meta oif eth0
filter output oif eth0
# packed was subject to ipsec processing
-raw prerouting meta secpath exists accept
+raw prerouting meta ipsec exists accept
-----------------------
SOCKET EXPRESSION
diff --git a/src/meta.c b/src/meta.c
index 1bd91db2..3677561b 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -442,7 +442,7 @@ const struct meta_template meta_templates[] = {
[NFT_META_PRANDOM] = META_TEMPLATE("random", &integer_type,
4 * BITS_PER_BYTE,
BYTEORDER_BIG_ENDIAN), /* avoid conversion; doesn't have endianess */
- [NFT_META_SECPATH] = META_TEMPLATE("secpath", &boolean_type,
+ [NFT_META_SECPATH] = META_TEMPLATE("ipsec", &boolean_type,
BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN),
};
@@ -665,6 +665,9 @@ struct error_record *meta_key_parse(const struct location *loc,
} else if (strcmp(str, "obriport") == 0) {
*value = NFT_META_BRI_OIFNAME;
return NULL;
+ } else if (strcmp(str, "secpath") == 0) {
+ *value = NFT_META_SECPATH;
+ return NULL;
}
len = (int)sizeof(buf);
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 32d61b3b..5fd304a9 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3726,6 +3726,7 @@ meta_key_unqualified : MARK { $$ = NFT_META_MARK; }
| IIFGROUP { $$ = NFT_META_IIFGROUP; }
| OIFGROUP { $$ = NFT_META_OIFGROUP; }
| CGROUP { $$ = NFT_META_CGROUP; }
+ | IPSEC { $$ = NFT_META_SECPATH; }
;
meta_stmt : META meta_key SET stmt_expr
diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t
index 644a96fd..df32332f 100644
--- a/tests/py/inet/meta.t
+++ b/tests/py/inet/meta.t
@@ -12,7 +12,7 @@ meta nfproto ipv4 tcp dport 22;ok
meta nfproto ipv4 ip saddr 1.2.3.4;ok;ip saddr 1.2.3.4
meta nfproto ipv6 meta l4proto tcp;ok;meta nfproto ipv6 meta l4proto 6
meta nfproto ipv4 counter ip saddr 1.2.3.4;ok
-meta secpath exists;ok
-meta secpath missing;ok
+meta ipsec exists;ok
+meta secpath missing;ok;meta ipsec missing
meta ibrname "br0";fail
meta obrname "br0";fail
diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload
index 2d0a66fa..d7ff7e2d 100644
--- a/tests/py/inet/meta.t.payload
+++ b/tests/py/inet/meta.t.payload
@@ -64,7 +64,7 @@ inet test-inet input
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x04030201 ]
-# meta secpath exists
+# meta ipsec exists
inet test-inet input
[ meta load secpath => reg 1 ]
[ cmp eq reg 1 0x00000001 ]