From 0c0b2452bc3c96cf3db09eb8cbf62778a2fd8f6c Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Sun, 11 Dec 2016 18:02:34 +0100 Subject: src: add tcp options set support This adds support for tcp mss mangling: nft add rule filter input tcp option maxseg size 1200 Its also possible to change other tcp option fields, but maxseg is one of the more useful ones to change. Signed-off-by: Florian Westphal Acked-by: Pablo Neira Ayuso --- src/netlink_delinearize.c | 21 +++++++++++++++++++-- 1 file changed, 19 insertions(+), 2 deletions(-) (limited to 'src/netlink_delinearize.c') diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 5317a830..51a61472 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -513,8 +513,25 @@ static void netlink_parse_exthdr(struct netlink_parse_ctx *ctx, expr = exthdr_expr_alloc(loc, NULL, 0); exthdr_init_raw(expr, type, offset, len, op, flags); - dreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_DREG); - netlink_set_register(ctx, dreg, expr); + if (nftnl_expr_is_set(nle, NFTNL_EXPR_EXTHDR_DREG)) { + dreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_DREG); + netlink_set_register(ctx, dreg, expr); + } else if (nftnl_expr_is_set(nle, NFTNL_EXPR_EXTHDR_SREG)) { + enum nft_registers sreg; + struct stmt *stmt; + struct expr *val; + + sreg = netlink_parse_register(nle, NFTNL_EXPR_EXTHDR_SREG); + val = netlink_get_register(ctx, loc, sreg); + if (val == NULL) + return netlink_error(ctx, loc, + "exthdr statement has no expression"); + + expr_set_type(val, expr->dtype, expr->byteorder); + + stmt = exthdr_stmt_alloc(loc, expr, val); + list_add_tail(&stmt->list, &ctx->rule->stmts); + } } static void netlink_parse_hash(struct netlink_parse_ctx *ctx, -- cgit v1.2.3