diff options
author | Florian Westphal <fw@strlen.de> | 2017-12-01 13:40:21 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-01-16 15:57:22 +0100 |
commit | 49f6e9a846c6c8325b95debe04d5ebc3c01246fb (patch) | |
tree | 4de70952424cf45846cc67287967fca823edc0c9 /src/meta.c | |
parent | 1dbd13c97e300dcaf6581bc7b0b0f23cc74c6645 (diff) |
meta: add secpath support
This can be used to check if a packet has a secpath attached to it, i.e.
was subject to ipsec processing. Example:
add rule inet raw prerouting meta secpath exists accept
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/meta.c')
-rw-r--r-- | src/meta.c | 3 |
1 files changed, 3 insertions, 0 deletions
@@ -428,6 +428,8 @@ static const struct meta_template meta_templates[] = { [NFT_META_PRANDOM] = META_TEMPLATE("random", &integer_type, 4 * BITS_PER_BYTE, BYTEORDER_BIG_ENDIAN), /* avoid conversion; doesn't have endianess */ + [NFT_META_SECPATH] = META_TEMPLATE("secpath", &boolean_type, + BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), }; static bool meta_key_is_qualified(enum nft_meta_keys key) @@ -439,6 +441,7 @@ static bool meta_key_is_qualified(enum nft_meta_keys key) case NFT_META_PROTOCOL: case NFT_META_PRIORITY: case NFT_META_PRANDOM: + case NFT_META_SECPATH: return true; default: return false; |