expr: rt: ipsec match support

author Florian Westphal <fw@strlen.de>

Wed, 5 Sep 2018 09:16:40 +0000 (11:16 +0200)

committer Florian Westphal <fw@strlen.de>

Fri, 21 Sep 2018 09:58:42 +0000 (11:58 +0200)
author Florian Westphal <fw@strlen.de>
Wed, 5 Sep 2018 09:16:40 +0000 (11:16 +0200)
committer Florian Westphal <fw@strlen.de>
Fri, 21 Sep 2018 09:58:42 +0000 (11:58 +0200)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h

index 382ca548112e57f6c3be09682c3d696abe6c9dce..da2dda9760eb495da6b60caa07ae5a73c14fad84 100644 (file)
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -825,12 +825,14 @@ enum nft_meta_keys {
   * @NFT_RT_NEXTHOP4: routing nexthop for IPv4
   * @NFT_RT_NEXTHOP6: routing nexthop for IPv6
   * @NFT_RT_TCPMSS: fetch current path tcp mss
+ * @NFT_RT_XFRM: boolean, skb->dst->xfrm != NULL
   */
  enum nft_rt_keys {
         NFT_RT_CLASSID,
         NFT_RT_NEXTHOP4,
         NFT_RT_NEXTHOP6,
         NFT_RT_TCPMSS,
+       NFT_RT_XFRM,
         __NFT_RT_MAX
  };
  #define NFT_RT_MAX             (__NFT_RT_MAX - 1)
diff --git a/src/expr/rt.c b/src/expr/rt.c

index c3c92c7fd76f5005827d442b6b81b82d353cc515..18c3945d45ee8c5da2dc4345337306ea4449ebcc 100644 (file)
--- a/src/expr/rt.c
+++ b/src/expr/rt.c
@@ -117,6 +117,7 @@ static const char *rt_key2str_array[NFT_RT_MAX + 1] = {
         [NFT_RT_NEXTHOP4]       = "nexthop4",
         [NFT_RT_NEXTHOP6]       = "nexthop6",
         [NFT_RT_TCPMSS]         = "tcpmss",
+       [NFT_RT_XFRM]           = "ipsec",
  };
  
  static const char *rt_key2str(uint8_t key)
author	Florian Westphal <fw@strlen.de>
	Wed, 5 Sep 2018 09:16:40 +0000 (11:16 +0200)
committer	Florian Westphal <fw@strlen.de>
	Fri, 21 Sep 2018 09:58:42 +0000 (11:58 +0200)
include/linux/netfilter/nf_tables.h		patch \| blob \| blame \| history
src/expr/rt.c		patch \| blob \| blame \| history