authorFlorian Westphal <fw@strlen.de>2021-12-20 12:30:18 +0100
committerFlorian Westphal <fw@strlen.de>2022-02-28 22:44:51 +0100
commit5d837d270d5a8b3a4d3fdca12d0f0800b8287cdd (patch)
treef6142e001404eaca518ef39eec73b7d1372dd82b /src/parser_bison.y
parent1d507ce7f1d3c12481ee24bd1dcac2fc1984ee9f (diff)
src: add tcp option reset support
This allows replacing a TCP option with NOPs, similar to the TCPOPTSTRIP feature of iptables. Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r--src/parser_bison.y11
1 files changed, 11 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index d67d16b8..ffbaf181 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -886,6 +886,9 @@ int nft_lex(void *, void *, void *);
%type <val> tcpopt_field_maxseg tcpopt_field_mptcp tcpopt_field_sack tcpopt_field_tsopt tcpopt_field_window
%type <tcp_kind_field> tcp_hdr_option_kind_and_field
+%type <stmt> optstrip_stmt
+%destructor { stmt_free($$); } optstrip_stmt
+
%type <expr> boolean_expr
%destructor { expr_free($$); } boolean_expr
%type <val8> boolean_keys
@@ -2828,6 +2831,7 @@ stmt : verdict_stmt
| map_stmt
| synproxy_stmt
| chain_stmt
+ | optstrip_stmt
;
chain_stmt_type : JUMP { $$ = NFT_JUMP; }
@@ -5516,6 +5520,13 @@ tcp_hdr_expr : TCP tcp_hdr_field
}
;
+optstrip_stmt : RESET TCP OPTION tcp_hdr_option_type close_scope_tcp
+ {
+ $$ = optstrip_stmt_alloc(&@$, tcpopt_expr_alloc(&@$,
+ $4, TCPOPT_COMMON_KIND));
+ }
+ ;
+
tcp_hdr_field : SPORT { $$ = TCPHDR_SPORT; }
| DPORT { $$ = TCPHDR_DPORT; }
| SEQUENCE { $$ = TCPHDR_SEQ; }
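Review bot: The new `optstrip_stmt` action passes the result of `tcpopt_expr_alloc(&@$, $4, TCPOPT_COMMON_KIND)` straight to `optstrip_stmt_alloc` with no NULL check. Whether the allocator can fail for a kind that `tcp_hdr_option_type` accepts is not visible in this hunk, but if it can, the statement would be built around a NULL expression that later code may dereference. Consider holding the expression in a local, queuing a parse error and `YYERROR` when it is NULL, and only then calling `optstrip_stmt_alloc(&@$, opt);`. Passing `&@4` instead of `&@$` to the inner allocation would also make diagnostics point at the option name rather than the whole statement. Because this statement rewrites packet contents, a short comment above the rule such as `/* reset tcp option X: overwrite option X with NOPs */` would help anyone auditing the grammar.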