From b67abc51ba6f78be79f344dfda9c6d0753d79aea Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Tue, 2 Nov 2021 14:01:58 +0100
Subject: src: raw payload match and mangle on inner header / payload data

This patch adds support to match on inner header / payload data:

 # nft add rule x y @ih,32,32 0x14000000 counter

you can also mangle payload data:

 # nft add rule x y @ih,32,32 set 0x14000000 counter

This update triggers a checksum update at the layer 4 header via
csum_flags, mangling odd bytes is also aligned to 16-bits.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/scanner.l | 1 +
 1 file changed, 1 insertion(+)

(limited to 'src/scanner.l')

diff --git a/src/scanner.l b/src/scanner.l
index 6cc7778d..5d263f9d 100644
--- a/src/scanner.l
+++ b/src/scanner.l
@@ -414,6 +414,7 @@ addrstring	({macaddr}|{ip4addr}|{ip6addr})
 "ll"			{ return LL_HDR; }
 "nh"			{ return NETWORK_HDR; }
 "th"			{ return TRANSPORT_HDR; }
+"ih"			{ return INNER_HDR; }
 
 "bridge"		{ return BRIDGE; }
 
-- 
cgit v1.2.3