authorFlorian Westphal <fw@strlen.de>2017-12-01 13:40:21 +0100
committerFlorian Westphal <fw@strlen.de>2018-01-16 15:57:22 +0100
commit49f6e9a846c6c8325b95debe04d5ebc3c01246fb (patch)
tree4de70952424cf45846cc67287967fca823edc0c9 /src
parent1dbd13c97e300dcaf6581bc7b0b0f23cc74c6645 (diff)
meta: add secpath support
This can be used to check if a packet has a secpath attached to it, i.e. was subject to ipsec processing. Example: add rule inet raw prerouting meta secpath exists accept Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src')
-rw-r--r--src/meta.c3
1 files changed, 3 insertions, 0 deletions
diff --git a/src/meta.c b/src/meta.c
index 687de8cd..8c2eca27 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -428,6 +428,8 @@ static const struct meta_template meta_templates[] = {
[NFT_META_PRANDOM] = META_TEMPLATE("random", &integer_type,
4 * BITS_PER_BYTE,
BYTEORDER_BIG_ENDIAN), /* avoid conversion; doesn't have endianess */
+ [NFT_META_SECPATH] = META_TEMPLATE("secpath", &boolean_type,
+ BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN),
};
static bool meta_key_is_qualified(enum nft_meta_keys key)
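Review bot: The new `NFT_META_SECPATH` entry carries no comment, although the `NFT_META_PRANDOM` entry directly above it explains its own byte-order choice and `secpath` is the one key here that rule authors will use for a trust decision. I would add `/* true if the packet has a secpath attached, i.e. was subject to ipsec processing; does not say which SA or policy */` above the entry. The second half of that comment is my reading of the commit message ("has a secpath attached") rather than anything this diff shows, so it should be confirmed against the kernel side. The `BITS_PER_BYTE` width likewise has to match what the kernel stores for this key, which is not visible here. The opening of `meta_templates` lies outside the hunk.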
@@ -439,6 +441,7 @@ static bool meta_key_is_qualified(enum nft_meta_keys key)
case NFT_META_PROTOCOL:
case NFT_META_PRIORITY:
case NFT_META_PRANDOM:
+ case NFT_META_SECPATH:
return true;
default:
return false;