exthdr: add support for matching IPv4 options

Add capability to have rules matching IPv4 options. This is developed mainly to support dropping of IP packets with loose and/or strict source route route options. Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Stephen Suryaputra <ssuryaextr@gmail.com> 2019-07-03 20:30:52 -0400
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2019-07-04 14:29:08 +0200
commit: 226a0e072d5c1edeb53cb61b959b011168c5c29a (patch)
tree: 07e43268efe15dc8b64b8ca9baca71e02239213f /src/json.c
parent: 1694c01c30fba06461ca82ede070bf6a9cd9a4db (diff)
1 files changed, 8 insertions, 0 deletions
diff --git a/src/json.c b/src/json.c
index 1484c21b..1006d7bb 100644
--- a/src/json.c
+++ b/src/json.c
@@ -634,6 +634,14 @@ json_t *exthdr_expr_json(const struct expr *expr, struct output_ctx *octx)
 
 		return json_pack("{s:o}", "tcp option", root);
 	}
+	if (expr->exthdr.op == NFT_EXTHDR_OP_IPV4) {
+		root = json_pack("{s:s}", "name", desc);
+
+		if (!is_exists)
+			json_object_set_new(root, "field", json_string(field));
+
+		return json_pack("{s:o}", "ip option", root);
+	}
 
 	root = json_pack("{s:s}",
 			 "name", desc);
author	Stephen Suryaputra <ssuryaextr@gmail.com>	2019-07-03 20:30:52 -0400
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2019-07-04 14:29:08 +0200
commit	226a0e072d5c1edeb53cb61b959b011168c5c29a (patch)
tree	07e43268efe15dc8b64b8ca9baca71e02239213f /src/json.c
parent	1694c01c30fba06461ca82ede070bf6a9cd9a4db (diff)