diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-01-02 15:36:33 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-01-02 15:36:33 +0100 |
| commit | c1f92755437ea4eee10950a196a5c749329ae5f6 (patch) | |
| tree | 33c6f8fb7f262b274d494a91f3aa43c41dff5c9c /include | |
| parent | 75b096c094a5ee1d6ef443f16d6b55fa3dd1f197 (diff) | |
src: add gre support
GRE has a number of fields that are conditional based on flags,
which requires custom dependency code similar to icmp and icmpv6.
Matching on optional fields is not supported at this stage.
Since this is a layer 3 tunnel protocol, an implicit dependency on
NFT_META_L4PROTO for IPPROTO_GRE is generated. To achieve this, this
patch adds new infrastructure to remove an outer dependency based on
the inner protocol from delinearize path.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/parser.h | 1 | ||||
| -rw-r--r-- | include/payload.h | 2 | ||||
| -rw-r--r-- | include/proto.h | 14 |
3 files changed, 17 insertions, 0 deletions
diff --git a/include/parser.h b/include/parser.h index 977fbb94..1bd490f0 100644 --- a/include/parser.h +++ b/include/parser.h @@ -37,6 +37,7 @@ enum startcond_type { PARSER_SC_CT, PARSER_SC_COUNTER, PARSER_SC_ETH, + PARSER_SC_GRE, PARSER_SC_ICMP, PARSER_SC_IGMP, PARSER_SC_IP, diff --git a/include/payload.h b/include/payload.h index aac553ee..08e45f7f 100644 --- a/include/payload.h +++ b/include/payload.h @@ -15,6 +15,8 @@ struct eval_ctx; struct stmt; extern int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr, struct stmt **res); +int payload_gen_inner_dependency(struct eval_ctx *ctx, const struct expr *expr, + struct stmt **res); extern int payload_gen_icmp_dependency(struct eval_ctx *ctx, const struct expr *expr, struct stmt **res); diff --git a/include/proto.h b/include/proto.h index 32e07448..4b0c7146 100644 --- a/include/proto.h +++ b/include/proto.h @@ -97,6 +97,7 @@ enum proto_desc_id { PROTO_DESC_VLAN, PROTO_DESC_ETHER, PROTO_DESC_VXLAN, + PROTO_DESC_GRE, __PROTO_DESC_MAX }; #define PROTO_DESC_MAX (__PROTO_DESC_MAX - 1) @@ -396,7 +397,20 @@ enum vxlan_hdr_fields { VXLANHDR_FLAGS, }; +struct grehdr { + uint16_t flags; + uint16_t protocol; +}; + +enum gre_hdr_fields { + GREHDR_INVALID, + GREHDR_VERSION, + GREHDR_FLAGS, + GREHDR_PROTOCOL, +}; + extern const struct proto_desc proto_vxlan; +extern const struct proto_desc proto_gre; extern const struct proto_desc proto_icmp; extern const struct proto_desc proto_igmp; |