for symmetry with 'rt ipsec'. "meta secpath" still works.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
*meta* {length | nfproto | l4proto | protocol | priority}
[meta] {mark | iif | iifname | iiftype | oif | oifname | oiftype |
skuid | skgid | nftrace | rtclassid | ibrname | obrname | pkttype | cpu
-| iifgroup | oifgroup | cgroup | random | secpath}
+| iifgroup | oifgroup | cgroup | random | ipsec}
A meta expression refers to meta data associated with a packet.
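Review bot: the second key list in the synopsis drops `secpath` altogether, yet the commit message says "meta secpath" still works. Users with existing rulesets will look for the old keyword here; consider stating near the synopsis or in the key table that `secpath` is still accepted as an alias of `ipsec`.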
|random|
pseudo-random number|
integer (32 bit)
-|secpath|
+|ipsec|
boolean|
boolean (1 bit)
|====================
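Review bot: in the renamed `ipsec` row the description column still reads only "boolean", which repeats the type column and does not say what the key tests. Since the row is being touched anyway, give it a real description, for example that it is true when the packet was subject to ipsec processing, matching the wording of the example comment.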
filter output oif eth0
# packed was subject to ipsec processing
-raw prerouting meta secpath exists accept
+raw prerouting meta ipsec exists accept
-----------------------
SOCKET EXPRESSION
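Review bot: the comment directly above the changed example line reads "packed was subject to ipsec processing"; "packed" should be "packet". Worth fixing in this patch since the neighbouring line is being edited.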
[NFT_META_PRANDOM] = META_TEMPLATE("random", &integer_type,
4 * BITS_PER_BYTE,
BYTEORDER_BIG_ENDIAN), /* avoid conversion; doesn't have endianess */
- [NFT_META_SECPATH] = META_TEMPLATE("secpath", &boolean_type,
+ [NFT_META_SECPATH] = META_TEMPLATE("ipsec", &boolean_type,
BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN),
};
} else if (strcmp(str, "obriport") == 0) {
*value = NFT_META_BRI_OIFNAME;
return NULL;
+ } else if (strcmp(str, "secpath") == 0) {
+ *value = NFT_META_SECPATH;
+ return NULL;
}
len = (int)sizeof(buf);
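Review bot: missing comment on the new `strcmp(str, "secpath")` branch. Nothing at this spot says it is a backward-compatibility alias for the key that the template table now names "ipsec", so a later cleanup could mistake it for dead code. Add a one-line comment above the branch, for example /* old name of "ipsec", kept for compatibility */.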
| IIFGROUP { $$ = NFT_META_IIFGROUP; }
| OIFGROUP { $$ = NFT_META_OIFGROUP; }
| CGROUP { $$ = NFT_META_CGROUP; }
+ | IPSEC { $$ = NFT_META_SECPATH; }
;
meta_stmt : META meta_key SET stmt_expr
meta nfproto ipv4 ip saddr 1.2.3.4;ok;ip saddr 1.2.3.4
meta nfproto ipv6 meta l4proto tcp;ok;meta nfproto ipv6 meta l4proto 6
meta nfproto ipv4 counter ip saddr 1.2.3.4;ok
-meta secpath exists;ok
-meta secpath missing;ok
+meta ipsec exists;ok
+meta secpath missing;ok;meta ipsec missing
meta ibrname "br0";fail
meta obrname "br0";fail
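Review bot: test coverage narrows in the two added lines. `meta ipsec` is tested only with `exists` and the `secpath` alias only with `missing`, so `meta ipsec missing` as input and `meta secpath exists` as alias input are no longer exercised. Suggest adding `meta ipsec missing;ok` and `meta secpath exists;ok;meta ipsec exists` so both keywords are checked with both values.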
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x04030201 ]
-# meta secpath exists
+# meta ipsec exists
inet test-inet input
[ meta load secpath => reg 1 ]
[ cmp eq reg 1 0x00000001 ]