summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2017-02-07 03:14:13 +0100
committerFlorian Westphal <fw@strlen.de>2017-02-12 15:34:47 +0100
commitc17509c6d1948f28f8cda71fef79447ec273573d (patch)
treef4828844d7064e828114b57b66fb6d02e96602ed
parent864a1b44e1937a42753648644a812f70f9500a73 (diff)
payload: insert implicit meta tcp dependency when matching tcp options
nft add rule inet filter input tcp option sack 4 left 1 <cmdline>:1:28-49: Error: Cannot generate dependency: no network layer protocol specified Users can avoid this via 'meta l4proto tcp', this enables implicit dependency injection for the inet/bridge/netdev families. Reviewed-by: Manuel Messner <mm@skelett.io> Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--src/payload.c16
1 files changed, 15 insertions, 1 deletions
diff --git a/src/payload.c b/src/payload.c
index efd19602..0207296e 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -323,12 +323,26 @@ int exthdr_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
const struct proto_desc *desc;
desc = ctx->pctx.protocol[pb].desc;
- if (desc == NULL)
+ if (desc == NULL) {
+ if (expr->exthdr.op == NFT_EXTHDR_OP_TCPOPT) {
+ switch (ctx->pctx.family) {
+ case NFPROTO_NETDEV:
+ case NFPROTO_BRIDGE:
+ case NFPROTO_INET:
+ desc = &proto_inet_service;
+ goto found;
+ default:
+ break;
+ }
+ }
+
return expr_error(ctx->msgs, expr,
"Cannot generate dependency: "
"no %s protocol specified",
proto_base_names[pb]);
+ }
+ found:
return payload_add_dependency(ctx, desc, dependency, expr, res);
}