src: raw payload match and mangle on inner header / payload data

This patch adds support to match on inner header / payload data: # nft add rule x y @ih,32,32 0x14000000 counter you can also mangle payload data: # nft add rule x y @ih,32,32 set 0x14000000 counter This update triggers a checksum update at the layer 4 header via csum_flags, mangling odd bytes is also aligned to 16-bits. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-11-02 14:01:58 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2021-11-08 10:53:59 +0100
commit: b67abc51ba6f78be79f344dfda9c6d0753d79aea (patch)
tree: 974a155489e69c0a9a5c9f3ee209ca5bec2d3c99 /src/scanner.l
parent: dad3338f1f76a4a5bd782bae9c6b48941dfb1e31 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/scanner.l b/src/scanner.l
index 6cc7778d..5d263f9d 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -414,6 +414,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "ll"			{ return LL_HDR; }
 "nh"			{ return NETWORK_HDR; }
 "th"			{ return TRANSPORT_HDR; }
+"ih"			{ return INNER_HDR; }
 
 "bridge"		{ return BRIDGE; }
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-11-02 14:01:58 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2021-11-08 10:53:59 +0100
commit	b67abc51ba6f78be79f344dfda9c6d0753d79aea (patch)
tree	974a155489e69c0a9a5c9f3ee209ca5bec2d3c99 /src/scanner.l
parent	dad3338f1f76a4a5bd782bae9c6b48941dfb1e31 (diff)