diff options
author | Florian Westphal <fw@strlen.de> | 2022-09-12 10:58:44 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-09-13 14:14:38 +0200 |
commit | b4fd0f682b53609c747e6dd69cc5024545d4b90c (patch) | |
tree | 22ffb65b47917d61393b42d6171dbb96b0ae22ce /iptables/nft-ipv4.c | |
parent | 0da2d1a35bd70d37f72d594927c0649d1dea4f7c (diff) |
nft: support ttl/hoplimit dissection
xlate raw "nft ... ttl eq 1" and so on to the ttl/hl matches.
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Phil Sutter <phil@nwl.cc>
Diffstat (limited to 'iptables/nft-ipv4.c')
-rw-r--r-- | iptables/nft-ipv4.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/iptables/nft-ipv4.c b/iptables/nft-ipv4.c index 59c4a41f..1865d151 100644 --- a/iptables/nft-ipv4.c +++ b/iptables/nft-ipv4.c @@ -206,6 +206,9 @@ static void nft_ipv4_parse_payload(struct nft_xt_ctx *ctx, if (inv) cs->fw.ip.invflags |= IPT_INV_FRAG; break; + case offsetof(struct iphdr, ttl): + nft_parse_hl(ctx, e, cs); + break; default: DEBUGP("unknown payload offset %d\n", ctx->payload.offset); break; |