authorPablo Neira Ayuso <pablo@netfilter.org>2025-01-31 11:14:22 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2025-02-07 11:53:32 +0100
commitf9a48ce2f9c252bf74d98d10412b1f72585a45ec (patch)
treeb7cea6fa0f2788df3583fb18b88a956ef69fd16f
parent5faccb0681acb3b0175c4190eeaecf62f0bd12d4 (diff)
parser_bison: turn redundant ip option type field match into boolean
The ip option expression allows for nonsensical matching like: ip option lsrr type 1 because 'lsrr' already provides the type field, this never results in a match. Turn this expression into: ip option lsrr exists And update documentation to hide this redundant type field. Fixes: 226a0e072d5c ("exthdr: add support for matching IPv4 options") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--doc/payload-expression.txt8
-rw-r--r--src/parser_bison.y3
2 files changed, 7 insertions, 4 deletions
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 7bc24a8a..2a155aa8 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -808,16 +808,16 @@ TCP option matching also supports raw expression syntax to access arbitrary opti
|Keyword| Description | IP option fields
|lsrr|
Loose Source Route |
-type, length, ptr, addr
+length, ptr, addr
|ra|
Router Alert |
-type, length, value
+length, value
|rr|
Record Route |
-type, length, ptr, addr
+length, ptr, addr
|ssrr|
Strict Source Route |
-type, length, ptr, addr
+length, ptr, addr
|============================
.finding TCP options
diff --git a/src/parser_bison.y b/src/parser_bison.y
index c8714812..d15bf212 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -5698,6 +5698,9 @@ ip_hdr_expr : IP ip_hdr_field close_scope_ip
erec_queue(error(&@1, "unknown ip option type/field"), state->msgs);
YYERROR;
}
+
+ if ($4 == IPOPT_FIELD_TYPE)
+ $$->exthdr.flags = NFT_EXTHDR_F_PRESENT;
}
| IP OPTION ip_option_type close_scope_ip
{
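Review bot: The new `if ($4 == IPOPT_FIELD_TYPE)` branch changes what an already-deployed rule such as `ip option lsrr type 1` means instead of rejecting it, and the diffstat shows no test accompanying the parser change. According to the commit message that rule never matched before; with `NFT_EXTHDR_F_PRESENT` set it presumably becomes an existence match, so a firewall rule that was inert can start matching traffic after an upgrade, and how a right-hand side other than 0 or 1 is then evaluated is not visible here. That is worth calling out to operators so they audit rulesets for `ip option <name> type` before upgrading, and worth a comment above the branch such as `/* 'type' is implied by the option keyword: match on option presence instead */`. The grammar action starts above the hunk, so how `$$` is allocated and whether it already carries flags that the plain `=` would overwrite cannot be checked from here.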