From 24d8da3083422da8336eeed2ee23b2ccf598ba5a Mon Sep 17 00:00:00 2001
From: Florian Westphal
Date: Wed, 21 Oct 2020 23:54:17 +0200
Subject: tcpopt: allow to check for presence of any tcp option nft currently doesn't allow to check for presence of arbitrary tcp options. Only known options where nft provides a template can be tested for. This allows to test for presence of raw protocol values as well. Example: tcp option 42 exists
Signed-off-by: Florian Westphal
---
 src/parser_bison.y | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'src/parser_bison.y')
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 7dedbd25..9a2b1b6f 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -5224,6 +5224,13 @@ tcp_hdr_option_type : EOL { $$ = TCPOPT_KIND_EOL; }
 | SACK3 { $$ = TCPOPT_KIND_SACK3; }
 | ECHO { $$ = TCPOPT_KIND_ECHO; }
 | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; }
+ | NUM {
+ if ($1 > 255) {
+ erec_queue(error(&@1, "value too large"), state->msgs);
+ YYERROR;
+ }
+ $$ = $1;
+ }
 ;
 
 tcp_hdr_option_field : KIND { $$ = TCPOPT_COMMON_KIND; }
-- 
cgit v1.2.3
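Review bot: The new `NUM` alternative in `tcp_hdr_option_type` lets any value from 0 to 255 through, where the rule previously yielded only `TCPOPT_KIND_*` constants, and the only validation in this hunk is the upper bound. The code that consumes this nonterminal is outside the hunk, so it is not visible whether a kind with no template is handled safely when it is combined with a field selector rather than `exists`; if that consumer looks the kind up in a per-kind table, it needs its own bounds and NULL check. The message `"value too large"` also does not tell the user what the limit is; `error(&@1, "tcp option kind must be in range 0-255")` together with a comment such as `/* option kind is a single octet on the wire */` above the check would make the bound self-explanatory. The `tcp_hdr_option_type` rule starts before this hunk, so its earlier alternatives were not reviewed.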