summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--include/linux/netfilter/nf_tables.h2
-rw-r--r--src/expr/meta.c3
2 files changed, 4 insertions, 1 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 874fa3f..64d4a25 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -775,6 +775,7 @@ enum nft_exthdr_attributes {
* @NFT_META_OIFGROUP: packet output interface group
* @NFT_META_CGROUP: socket control group (skb->sk->sk_classid)
* @NFT_META_PRANDOM: a 32bit pseudo-random number
+ * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
*/
enum nft_meta_keys {
NFT_META_LEN,
@@ -802,6 +803,7 @@ enum nft_meta_keys {
NFT_META_OIFGROUP,
NFT_META_CGROUP,
NFT_META_PRANDOM,
+ NFT_META_SECPATH,
};
/**
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 2c75841..de82105 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -22,7 +22,7 @@
#include <libnftnl/rule.h>
#ifndef NFT_META_MAX
-#define NFT_META_MAX (NFT_META_PRANDOM + 1)
+#define NFT_META_MAX (NFT_META_SECPATH + 1)
#endif
struct nftnl_expr_meta {
@@ -158,6 +158,7 @@ static const char *meta_key2str_array[NFT_META_MAX] = {
[NFT_META_OIFGROUP] = "oifgroup",
[NFT_META_CGROUP] = "cgroup",
[NFT_META_PRANDOM] = "prandom",
+ [NFT_META_SECPATH] = "secpath",
};
static const char *meta_key2str(uint8_t key)