Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
include/linux/netfilter/nf_tables.h | 2 ++
src/expr/rt.c | 1 +
2 files changed, 3 insertions(+)
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 382ca548112e..da2dda9760eb 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -825,12 +825,14 @@ enum nft_meta_keys {
* @NFT_RT_NEXTHOP4: routing nexthop for IPv4
* @NFT_RT_NEXTHOP6: routing nexthop for IPv6
* @NFT_RT_TCPMSS: fetch current path tcp mss
+ * @NFT_RT_XFRM: boolean, skb->dst->xfrm != NULL
*/
enum nft_rt_keys {
NFT_RT_CLASSID,
NFT_RT_NEXTHOP4,
NFT_RT_NEXTHOP6,
NFT_RT_TCPMSS,
+ NFT_RT_XFRM,
__NFT_RT_MAX
};
#define NFT_RT_MAX (__NFT_RT_MAX - 1)
diff --git a/src/expr/rt.c b/src/expr/rt.c
index c3c92c7fd76f..18c3945d45ee 100644
--- a/src/expr/rt.c
+++ b/src/expr/rt.c
@@ -117,6 +117,7 @@ static const char *rt_key2str_array[NFT_RT_MAX + 1] = {
[NFT_RT_NEXTHOP4] = "nexthop4",
[NFT_RT_NEXTHOP6] = "nexthop6",
[NFT_RT_TCPMSS] = "tcpmss",
+ [NFT_RT_XFRM] = "ipsec",
};
static const char *rt_key2str(uint8_t key)
--
2.16.4
