From b67abc51ba6f78be79f344dfda9c6d0753d79aea Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 2 Nov 2021 14:01:58 +0100
Subject: src: raw payload match and mangle on inner header / payload data

This patch adds support to match on inner header / payload data:

 # nft add rule x y @ih,32,32 0x14000000 counter

you can also mangle payload data:

 # nft add rule x y @ih,32,32 set 0x14000000 counter

This update triggers a checksum update at the layer 4 header via
csum_flags, mangling odd bytes is also aligned to 16-bits.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/parser_bison.y | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'src/parser_bison.y')

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 65fd35a3..eb89a589 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -318,6 +318,7 @@ int nft_lex(void *, void *, void *);
 %token LL_HDR			"ll"
 %token NETWORK_HDR		"nh"
 %token TRANSPORT_HDR		"th"
+%token INNER_HDR		"ih"
 
 %token BRIDGE			"bridge"
 
@@ -5260,6 +5261,7 @@ payload_raw_expr	:	AT	payload_base_spec	COMMA	NUM	COMMA	NUM
 payload_base_spec	:	LL_HDR		{ $$ = PROTO_BASE_LL_HDR; }
 			|	NETWORK_HDR	{ $$ = PROTO_BASE_NETWORK_HDR; }
 			|	TRANSPORT_HDR	{ $$ = PROTO_BASE_TRANSPORT_HDR; }
+			|	INNER_HDR	{ $$ = PROTO_BASE_INNER_HDR; }
 			;
 
 eth_hdr_expr		:	ETHER	eth_hdr_field	close_scope_eth
-- 
cgit v1.2.3