From e02bd59c4009bedba89da88b199e715441975439 Mon Sep 17 00:00:00 2001
From: Phil Sutter
Date: Fri, 10 Mar 2017 18:13:51 +0100
Subject: exthdr: Implement existence check

This allows to check for existence of an IPv6 extension or TCP option header by using the following syntax:
| exthdr frag exists
| tcpopt window exists

Signed-off-by: Phil Sutter
Signed-off-by: Pablo Neira Ayuso
---
 src/exthdr.c | 28 ++++++++++++++++++++++++----
 1 file changed, 24 insertions(+), 4 deletions(-)
(limited to 'src/exthdr.c')
diff --git a/src/exthdr.c b/src/exthdr.c
index 21fe734f..375e18fc 100644
--- a/src/exthdr.c
+++ b/src/exthdr.c
@@ -32,14 +32,22 @@ static void exthdr_expr_print(const struct expr *expr)
 unsigned int offset = expr->exthdr.offset / 64;
 char buf[3] = {0};
+ if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) {
+ printf("tcp option %s", expr->exthdr.desc->name);
+ return;
+ }
+
 if (offset) snprintf(buf, sizeof buf, "%d", offset);
 printf("tcp option %s%s %s", expr->exthdr.desc->name, buf, expr->exthdr.tmpl->token);
+ } else {
+ if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT)
+ printf("exthdr %s", expr->exthdr.desc->name);
+ else
+ printf("%s %s", expr->exthdr.desc->name,
+ expr->exthdr.tmpl->token);
 }
- else
- printf("%s %s", expr->exthdr.desc->name,
- expr->exthdr.tmpl->token);
 }
 static bool exthdr_expr_cmp(const struct expr *e1, const struct expr *e2)
@@ -97,6 +105,13 @@ static const struct exthdr_desc *exthdr_protocols[IPPROTO_MAX] = {
 [IPPROTO_MH] = &exthdr_mh,
 };
+const struct exthdr_desc *exthdr_find_proto(uint8_t proto)
+{
+ assert(exthdr_protocols[proto]);
+
+ return exthdr_protocols[proto];
+}
+
 void exthdr_init_raw(struct expr *expr, uint8_t type,
 unsigned int offset, unsigned int len, enum nft_exthdr_op op, uint32_t flags)
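Review bot: The existence branches print `tcp option <name>` and `exthdr <name>`, while the commit message gives the input forms as `tcpopt window exists` and `exthdr frag exists`, so the TCP form at least does not obviously match what is typed. The parser is not part of this view, so it is worth confirming that the printed text is accepted back as input; a listed ruleset that cannot be reloaded is a practical problem when firewall state is saved and restored. The two branches also treat NFT_EXTHDR_F_PRESENT differently (an early `return` inside the TCP block, an `if`/`else` in the other), and a one-line comment such as `/* existence check: no field token, only the header name is printed */` above each test would make the intent clear. The start of exthdr_expr_print lies outside the hunk.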
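Review bot: `assert(exthdr_protocols[proto])` is the only guard in exthdr_find_proto, so a protocol number without a table entry aborts the process in a normal build and is returned as NULL when the code is built with NDEBUG. The callers are not visible here; if `proto` can come from a parsed ruleset or from data read back from the kernel, this should be an ordinary error path rather than an assertion, for example by dropping the assert, documenting the function with `/* returns NULL if proto has no extension header description */` and letting the caller report the error. The lookup also relies on IPPROTO_MAX being larger than 255 for every possible `uint8_t` index to be in range, which the usual headers appear to satisfy but which is stated nowhere in this file.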
@@ -119,7 +134,12 @@ void exthdr_init_raw(struct expr *expr, uint8_t type,
 if (tmpl->offset != offset || tmpl->len != len)
 continue;
- expr->dtype = tmpl->dtype;
+
+ if (flags & NFT_EXTHDR_F_PRESENT)
+ expr->dtype = &boolean_type;
+ else
+ expr->dtype = tmpl->dtype;
+
 expr->exthdr.tmpl = tmpl;
 return;
 }
-- 
cgit v1.2.3
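Review bot: The override to `&boolean_type` deserves a comment, because the template that matched on offset and length is still stored in `expr->exthdr.tmpl` while its own dtype is now silently ignored; something like `/* existence check: the expression yields a boolean, not the field's type */` above the `if` would do. An expression carrying NFT_EXTHDR_F_PRESENT also only receives a dtype when some template matches `offset` and `len` exactly. What happens when none matches is outside this hunk, so that path should be checked to leave the expression in a defined state, since these values presumably arrive from a ruleset dump rather than from the local parser. The loop and the start of exthdr_init_raw lie before the hunk.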