author | Florian Westphal <fw@strlen.de> | 2016-12-11 18:02:34 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2017-08-22 23:51:02 +0200 |
commit | 0c0b2452bc3c96cf3db09eb8cbf62778a2fd8f6c (patch) | |
tree | 8ab752666dda2f50c396501f1fb95ff43b90eac1 /src/netlink_delinearize.c | |
parent | d74eed8c9649e9278b69f2cd0fd92f71e3e19cfb (diff) |
src: add tcp options set support
This adds support for tcp mss mangling:
nft add rule filter input tcp option maxseg size 1200
It's also possible to change other tcp option fields, but
maxseg is one of the more useful ones to change.
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r-- | src/netlink_delinearize.c | 21 |
1 files changed, 19 insertions, 2 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 5317a830..51a61472 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -513,8 +513,25 @@ static void netlink_parse_exthdr(struct netlink_parse_ctx *ctx,
 expr = exthdr_expr_alloc(loc, NULL, 0);
 exthdr_init_raw(expr, type, offset, len, op, flags);
- dreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_DREG);
- netlink_set_register(ctx, dreg, expr);
+ if (nftnl_expr_is_set(nle, NFTNL_EXPR_EXTHDR_DREG)) {
+ dreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_DREG);
+ netlink_set_register(ctx, dreg, expr);
+ } else if (nftnl_expr_is_set(nle, NFTNL_EXPR_EXTHDR_SREG)) {
+ enum nft_registers sreg;
+ struct stmt *stmt;
+ struct expr *val;
+
+ sreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_SREG);
+ val = netlink_get_register(ctx, loc, sreg);
+ if (val == NULL)
+ return netlink_error(ctx, loc,
+ "exthdr statement has no expression");
+
+ expr_set_type(val, expr->dtype, expr->byteorder);
+
+ stmt = exthdr_stmt_alloc(loc, expr, val);
+ list_add_tail(&stmt->list, &ctx->rule->stmts);
+ }
 }
 static void netlink_parse_hash(struct netlink_parse_ctx *ctx, |
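Review bot: On the `val == NULL` error path in the new SREG branch, the `expr` returned by `exthdr_expr_alloc()` has not been handed to a register or a statement, so it appears to be leaked when the function returns. The same object is dropped silently when the netlink expression carries neither `NFTNL_EXPR_EXTHDR_DREG` nor `NFTNL_EXPR_EXTHDR_SREG`, because the chain has no final `else`; the rule then parses without any diagnostic. I would brace the check and release the expression first, `if (val == NULL) { expr_free(expr); return netlink_error(ctx, loc, "exthdr statement has no expression"); }`, and add a closing `else` that frees `expr` and reports an error, so unexpected input is rejected explicitly. The start of `netlink_parse_exthdr` is outside the hunk, so this assumes nothing earlier in the function already owns `expr`.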