summaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorStephen Suryaputra <ssuryaextr@gmail.com>2019-07-03 20:30:52 -0400
committerPablo Neira Ayuso <pablo@netfilter.org>2019-07-04 14:29:08 +0200
commit226a0e072d5c1edeb53cb61b959b011168c5c29a (patch)
tree07e43268efe15dc8b64b8ca9baca71e02239213f /include
parent1694c01c30fba06461ca82ede070bf6a9cd9a4db (diff)
exthdr: add support for matching IPv4 options
Add capability to have rules matching IPv4 options. This is developed mainly to support dropping of IP packets with loose and/or strict source route route options. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/Makefile.am1
-rw-r--r--include/exthdr.h1
-rw-r--r--include/linux/netfilter/nf_tables.h2
3 files changed, 4 insertions, 0 deletions
diff --git a/include/Makefile.am b/include/Makefile.am
index 2d77a768..04a4a619 100644
--- a/include/Makefile.am
+++ b/include/Makefile.am
@@ -7,6 +7,7 @@ noinst_HEADERS = cli.h \
expression.h \
fib.h \
hash.h \
+ ipopt.h \
json.h \
mini-gmp.h \
gmputil.h \
diff --git a/include/exthdr.h b/include/exthdr.h
index 32f99c9c..3959a65c 100644
--- a/include/exthdr.h
+++ b/include/exthdr.h
@@ -3,6 +3,7 @@
#include <proto.h>
#include <tcpopt.h>
+#include <ipopt.h>
/**
* struct exthdr_desc - extension header description
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 7bdb234f..393bcb56 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -730,10 +730,12 @@ enum nft_exthdr_flags {
*
* @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
* @NFT_EXTHDR_OP_TCP: match against tcp options
+ * @NFT_EXTHDR_OP_IPV4: match against ip options
*/
enum nft_exthdr_op {
NFT_EXTHDR_OP_IPV6,
NFT_EXTHDR_OP_TCPOPT,
+ NFT_EXTHDR_OP_IPV4,
__NFT_EXTHDR_OP_MAX
};
#define NFT_EXTHDR_OP_MAX (__NFT_EXTHDR_OP_MAX - 1)