for symmetry with 'rt ipsec'. "meta secpath" still works. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- doc/primary-expression.txt | 6 +++--- src/meta.c | 5 ++++- src/parser_bison.y | 1 + tests/py/inet/meta.t | 4 ++-- tests/py/inet/meta.t.payload | 2 +- 5 files changed, 11 insertions(+), 7 deletions(-) diff --git a/doc/primary-expression.txt b/doc/primary-expression.txt index 5024a11faf39..e404e5423a01 100644 --- a/doc/primary-expression.txt +++ b/doc/primary-expression.txt @@ -4,7 +4,7 @@ META EXPRESSIONS *meta* {length | nfproto | l4proto | protocol | priority} [meta] {mark | iif | iifname | iiftype | oif | oifname | oiftype | skuid | skgid | nftrace | rtclassid | ibrname | obrname | pkttype | cpu -| iifgroup | oifgroup | cgroup | random | secpath} +| iifgroup | oifgroup | cgroup | random | ipsec} A meta expression refers to meta data associated with a packet. @@ -88,7 +88,7 @@ integer (32 bit) |random| pseudo-random number| integer (32 bit) -|secpath| +|ipsec| boolean| boolean (1 bit) |==================== @@ -124,7 +124,7 @@ filter output meta oif eth0 filter output oif eth0 # packed was subject to ipsec processing -raw prerouting meta secpath exists accept +raw prerouting meta ipsec exists accept ----------------------- SOCKET EXPRESSION diff --git a/src/meta.c b/src/meta.c index 1bd91db275d6..3677561bd137 100644 --- a/src/meta.c +++ b/src/meta.c @@ -442,7 +442,7 @@ const struct meta_template meta_templates[] = { [NFT_META_PRANDOM] = META_TEMPLATE("random", &integer_type, 4 * BITS_PER_BYTE, BYTEORDER_BIG_ENDIAN), /* avoid conversion; doesn't have endianess */ - [NFT_META_SECPATH] = META_TEMPLATE("secpath", &boolean_type, + [NFT_META_SECPATH] = META_TEMPLATE("ipsec", &boolean_type, BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), }; @@ -665,6 +665,9 @@ struct error_record *meta_key_parse(const struct location *loc, } else if (strcmp(str, "obriport") == 0) { *value = NFT_META_BRI_OIFNAME; return NULL; + } else if (strcmp(str, "secpath") == 0) { + *value = NFT_META_SECPATH; + return NULL; } len = (int)sizeof(buf); diff --git a/src/parser_bison.y b/src/parser_bison.y index 32d61b3b6723..5fd304a9381f 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -3726,6 +3726,7 @@ meta_key_unqualified : MARK { $$ = NFT_META_MARK; } | IIFGROUP { $$ = NFT_META_IIFGROUP; } | OIFGROUP { $$ = NFT_META_OIFGROUP; } | CGROUP { $$ = NFT_META_CGROUP; } + | IPSEC { $$ = NFT_META_SECPATH; } ; meta_stmt : META meta_key SET stmt_expr diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t index 644a96fdf185..df32332f0621 100644 --- a/tests/py/inet/meta.t +++ b/tests/py/inet/meta.t @@ -12,7 +12,7 @@ meta nfproto ipv4 tcp dport 22;ok meta nfproto ipv4 ip saddr 1.2.3.4;ok;ip saddr 1.2.3.4 meta nfproto ipv6 meta l4proto tcp;ok;meta nfproto ipv6 meta l4proto 6 meta nfproto ipv4 counter ip saddr 1.2.3.4;ok -meta secpath exists;ok -meta secpath missing;ok +meta ipsec exists;ok +meta secpath missing;ok;meta ipsec missing meta ibrname "br0";fail meta obrname "br0";fail diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload index 2d0a66fa5cf5..d7ff7e2d41fa 100644 --- a/tests/py/inet/meta.t.payload +++ b/tests/py/inet/meta.t.payload @@ -64,7 +64,7 @@ inet test-inet input [ payload load 4b @ network header + 12 => reg 1 ] [ cmp eq reg 1 0x04030201 ] -# meta secpath exists +# meta ipsec exists inet test-inet input [ meta load secpath => reg 1 ] [ cmp eq reg 1 0x00000001 ] -- 2.16.4