summaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorStephen Suryaputra <ssuryaextr@gmail.com>2019-06-20 07:54:29 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2019-07-04 14:24:54 +0200
commit60d9378df4e9c7324392e76b0408b6dda6e8bc1c (patch)
tree52f1ec3fe1347bff6efb7e70db5e3c3fc2471b78 /src
parent3587ad1e751576993b2d11391ee17b07b1d99075 (diff)
src: add support for matching IPv4 options
Add capability to have rules matching IPv4 options. This is developed mainly to support dropping of IP packets with loose and/or strict source route route options. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r--src/expr/exthdr.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index bef453e..e5f714b 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -200,6 +200,9 @@ static const char *op2str(uint8_t op)
case NFT_EXTHDR_OP_TCPOPT:
return " tcpopt";
case NFT_EXTHDR_OP_IPV6:
+ return " ipv6";
+ case NFT_EXTHDR_OP_IPV4:
+ return " ipv4";
default:
return "";
}
@@ -209,6 +212,8 @@ static inline int str2exthdr_op(const char* str)
{
if (!strcmp(str, "tcpopt"))
return NFT_EXTHDR_OP_TCPOPT;
+ if (!strcmp(str, "ipv4"))
+ return NFT_EXTHDR_OP_IPV4;
/* if str == "ipv6" or anything else */
return NFT_EXTHDR_OP_IPV6;