From b4fd0f682b53609c747e6dd69cc5024545d4b90c Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 12 Sep 2022 10:58:44 +0200
Subject: nft: support ttl/hoplimit dissection

xlate raw "nft ... ttl eq 1" and so on to the ttl/hl matches.

Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Phil Sutter <phil@nwl.cc>
---
 iptables/nft-ipv6.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'iptables/nft-ipv6.c')

diff --git a/iptables/nft-ipv6.c b/iptables/nft-ipv6.c
index 9a29d18b..0ab1f971 100644
--- a/iptables/nft-ipv6.c
+++ b/iptables/nft-ipv6.c
@@ -169,6 +169,9 @@ static void nft_ipv6_parse_payload(struct nft_xt_ctx *ctx,
 		cs->fw6.ipv6.proto = proto;
 		if (inv)
 			cs->fw6.ipv6.invflags |= IP6T_INV_PROTO;
+	case offsetof(struct ip6_hdr, ip6_hlim):
+		nft_parse_hl(ctx, e, cs);
+		break;
 	default:
 		DEBUGP("unknown payload offset %d\n", ctx->payload.offset);
 		break;
-- 
cgit v1.2.3