summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--include/linux/netfilter/nf_tables.h2
-rw-r--r--src/expr/exthdr.c5
2 files changed, 7 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 38f74e4..5b1c380 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -729,10 +729,12 @@ enum nft_exthdr_flags {
*
* @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
* @NFT_EXTHDR_OP_TCP: match against tcp options
+ * @NFT_EXTHDR_OP_IPV4: match against ipv4 options
*/
enum nft_exthdr_op {
NFT_EXTHDR_OP_IPV6,
NFT_EXTHDR_OP_TCPOPT,
+ NFT_EXTHDR_OP_IPV4,
__NFT_EXTHDR_OP_MAX
};
#define NFT_EXTHDR_OP_MAX (__NFT_EXTHDR_OP_MAX - 1)
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index bef453e..e5f714b 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -200,6 +200,9 @@ static const char *op2str(uint8_t op)
case NFT_EXTHDR_OP_TCPOPT:
return " tcpopt";
case NFT_EXTHDR_OP_IPV6:
+ return " ipv6";
+ case NFT_EXTHDR_OP_IPV4:
+ return " ipv4";
default:
return "";
}
@@ -209,6 +212,8 @@ static inline int str2exthdr_op(const char* str)
{
if (!strcmp(str, "tcpopt"))
return NFT_EXTHDR_OP_TCPOPT;
+ if (!strcmp(str, "ipv4"))
+ return NFT_EXTHDR_OP_IPV4;
/* if str == "ipv6" or anything else */
return NFT_EXTHDR_OP_IPV6;