[PATCH libnftnl] meta: secpath support

Florian Westphal <fw@xxxxxxxxx> · Fri, 1 Dec 2017 13:40:20 +0100

---
 include/linux/netfilter/nf_tables.h | 2 ++
 src/expr/meta.c                     | 3 ++-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 874fa3f239eb..64d4a25f8409 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -775,6 +775,7 @@ enum nft_exthdr_attributes {
  * @NFT_META_OIFGROUP: packet output interface group
  * @NFT_META_CGROUP: socket control group (skb->sk->sk_classid)
  * @NFT_META_PRANDOM: a 32bit pseudo-random number
+ * @NFT_META_SECPATH: boolean, secpath_exists (!!skb->sp)
  */
 enum nft_meta_keys {
 	NFT_META_LEN,
@@ -802,6 +803,7 @@ enum nft_meta_keys {
 	NFT_META_OIFGROUP,
 	NFT_META_CGROUP,
 	NFT_META_PRANDOM,
+	NFT_META_SECPATH,
 };
 
 /**
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 2c758412bf2e..de82105de44f 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -22,7 +22,7 @@
 #include <libnftnl/rule.h>
 
 #ifndef NFT_META_MAX
-#define NFT_META_MAX (NFT_META_PRANDOM + 1)
+#define NFT_META_MAX (NFT_META_SECPATH + 1)
 #endif
 
 struct nftnl_expr_meta {
@@ -158,6 +158,7 @@ static const char *meta_key2str_array[NFT_META_MAX] = {
 	[NFT_META_OIFGROUP]	= "oifgroup",
 	[NFT_META_CGROUP]	= "cgroup",
 	[NFT_META_PRANDOM]	= "prandom",
+	[NFT_META_SECPATH]	= "secpath",
 };
 
 static const char *meta_key2str(uint8_t key)
-- 
2.13.6

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html






