meta: add secpath support

This can be used to check if a packet has a secpath attached to it, i.e. was subject to ipsec processing. Example: add rule inet raw prerouting meta secpath exists accept Signed-off-by: Florian Westphal <fw@strlen.de>
author: Florian Westphal <fw@strlen.de> 2017-12-01 13:40:21 +0100
committer: Florian Westphal <fw@strlen.de> 2018-01-16 15:57:22 +0100
commit: 49f6e9a846c6c8325b95debe04d5ebc3c01246fb (patch)
tree: 4de70952424cf45846cc67287967fca823edc0c9 /tests
parent: 1dbd13c97e300dcaf6581bc7b0b0f23cc74c6645 (diff)
2 files changed, 11 insertions, 0 deletions
diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t
index bd225e3d..d68896dc 100644
--- a/tests/py/inet/meta.t
+++ b/tests/py/inet/meta.t
@@ -12,3 +12,5 @@ meta nfproto ipv4 tcp dport 22;ok
 meta nfproto ipv4 ip saddr 1.2.3.4;ok;ip saddr 1.2.3.4
 meta nfproto ipv6 meta l4proto tcp;ok;meta nfproto ipv6 meta l4proto 6
 meta nfproto ipv4 counter ip saddr 1.2.3.4;ok
+meta secpath exists;ok
+meta secpath missing;ok
diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload
index 0323b30f..2d0a66fa 100644
--- a/tests/py/inet/meta.t.payload
+++ b/tests/py/inet/meta.t.payload
@@ -64,3 +64,12 @@ inet test-inet input
   [ payload load 4b @ network header + 12 => reg 1 ]
   [ cmp eq reg 1 0x04030201 ]
 
+# meta secpath exists
+inet test-inet input
+  [ meta load secpath => reg 1 ]
+  [ cmp eq reg 1 0x00000001 ]
+
+# meta secpath missing
+inet test-inet input
+  [ meta load secpath => reg 1 ]
+  [ cmp eq reg 1 0x00000000 ]
author	Florian Westphal <fw@strlen.de>	2017-12-01 13:40:21 +0100
committer	Florian Westphal <fw@strlen.de>	2018-01-16 15:57:22 +0100
commit	49f6e9a846c6c8325b95debe04d5ebc3c01246fb (patch)
tree	4de70952424cf45846cc67287967fca823edc0c9 /tests
parent	1dbd13c97e300dcaf6581bc7b0b0f23cc74c6645 (diff)