diff options
author | Stephen Suryaputra <ssuryaextr@gmail.com> | 2019-06-20 07:54:29 -0400 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-07-04 14:24:54 +0200 |
commit | 60d9378df4e9c7324392e76b0408b6dda6e8bc1c (patch) | |
tree | 52f1ec3fe1347bff6efb7e70db5e3c3fc2471b78 /src | |
parent | 3587ad1e751576993b2d11391ee17b07b1d99075 (diff) |
src: add support for matching IPv4 options
Add capability to have rules matching IPv4 options. This is developed
mainly to support dropping of IP packets with loose and/or strict source
route route options.
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/expr/exthdr.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c index bef453e..e5f714b 100644 --- a/src/expr/exthdr.c +++ b/src/expr/exthdr.c @@ -200,6 +200,9 @@ static const char *op2str(uint8_t op) case NFT_EXTHDR_OP_TCPOPT: return " tcpopt"; case NFT_EXTHDR_OP_IPV6: + return " ipv6"; + case NFT_EXTHDR_OP_IPV4: + return " ipv4"; default: return ""; } @@ -209,6 +212,8 @@ static inline int str2exthdr_op(const char* str) { if (!strcmp(str, "tcpopt")) return NFT_EXTHDR_OP_TCPOPT; + if (!strcmp(str, "ipv4")) + return NFT_EXTHDR_OP_IPV4; /* if str == "ipv6" or anything else */ return NFT_EXTHDR_OP_IPV6; |