author | Florian Westphal <fw@strlen.de> | 2021-11-21 23:33:11 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-12-01 14:11:39 +0100 |
commit | fa86b544c03b14ea12f30ad39676a6fea88cbe05 (patch) | |
tree | 9bd1fb741fb95c84c06591fd1d5ddc8be10b7cac | |
parent | c009df1fded60c64075493c875873f05606f17ef (diff) |
tcpopt: add md5sig, fastopen and mptcp options
Allow the "fastopen", "md5sig" and "mptcp" mnemonics to be used instead of
the raw option numbers.
These new keywords are only recognized while the scanner is in the tcp state.
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | include/tcpopt.h | 8 | ||||
-rw-r--r-- | src/parser_bison.y | 10 | ||||
-rw-r--r-- | src/scanner.l | 3 | ||||
-rw-r--r-- | src/tcpopt.c | 30 |
4 files changed, 49 insertions, 2 deletions
diff --git a/include/tcpopt.h b/include/tcpopt.h index 667c8a77..22df69dc 100644 --- a/include/tcpopt.h +++ b/include/tcpopt.h @@ -25,6 +25,9 @@ enum tcpopt_kind { TCPOPT_KIND_SACK = 5, TCPOPT_KIND_TIMESTAMP = 8, TCPOPT_KIND_ECHO = 8, + TCPOPT_KIND_MD5SIG = 19, + TCPOPT_KIND_MPTCP = 30, + TCPOPT_KIND_FASTOPEN = 34, __TCPOPT_KIND_MAX, /* extra oob info, internal to nft */ @@ -71,6 +74,11 @@ enum tcpopt_hdr_field_sack { TCPOPT_SACK_RIGHT3, }; +enum tcpopt_hdr_mptcp_common { + TCPOPT_MPTCP_KIND, + TCPOPT_MPTCP_LENGTH, +}; + extern const struct exthdr_desc *tcpopt_protocols[__TCPOPT_KIND_MAX]; #endif /* NFTABLES_TCPOPT_H */ diff --git a/src/parser_bison.y b/src/parser_bison.y index fca79132..a6a591b7 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -408,6 +408,7 @@ int nft_lex(void *, void *, void *); %token OPTION "option" %token ECHO "echo" %token EOL "eol" +%token MPTCP "mptcp" %token NOP "nop" %token SACK "sack" %token SACK0 "sack0" @@ -415,6 +416,8 @@ int nft_lex(void *, void *, void *); %token SACK2 "sack2" %token SACK3 "sack3" %token SACK_PERM "sack-permitted" +%token FASTOPEN "fastopen" +%token MD5SIG "md5sig" %token TIMESTAMP "timestamp" %token COUNT "count" %token LEFT "left" @@ -5548,11 +5551,14 @@ tcp_hdr_option_sack : SACK { $$ = TCPOPT_KIND_SACK; } tcp_hdr_option_type : ECHO { $$ = TCPOPT_KIND_ECHO; } | EOL { $$ = TCPOPT_KIND_EOL; } + | FASTOPEN { $$ = TCPOPT_KIND_FASTOPEN; } + | MD5SIG { $$ = TCPOPT_KIND_MD5SIG; } + | MPTCP { $$ = TCPOPT_KIND_MPTCP; } | MSS { $$ = TCPOPT_KIND_MAXSEG; } | NOP { $$ = TCPOPT_KIND_NOP; } | SACK_PERM { $$ = TCPOPT_KIND_SACK_PERMITTED; } - | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; } - | WINDOW { $$ = TCPOPT_KIND_WINDOW; } + | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; } + | WINDOW { $$ = TCPOPT_KIND_WINDOW; } | tcp_hdr_option_sack { $$ = $1; } | NUM { if ($1 > 255) { diff --git a/src/scanner.l b/src/scanner.l index 09fcbd09..c65d5784 100644 --- a/src/scanner.l +++ b/src/scanner.l 
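Review bot: The descriptor table becomes much sparser with this enum change: `TCPOPT_KIND_FASTOPEN = 34` ahead of `__TCPOPT_KIND_MAX` sizes `tcpopt_protocols[__TCPOPT_KIND_MAX]` at 35 slots, and the matching initialiser hunk in src/tcpopt.c fills only the named kinds. The parser's `NUM` alternative accepts raw kinds up to 255, so a number such as 9 or 20 now falls inside the table on a NULL entry; the lookup code is outside this diff, so it is worth confirming that it tests the pointer and not only the index. A comment above the array declaration would record the contract, for example `/* sparse: kinds without a descriptor are NULL, check before use */`. Whatever follows the `/* extra oob info, internal to nft */` marker also shifts upward in value, which is harmless only if those values never leave the process.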
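Review bot: `enum tcpopt_hdr_mptcp_common` repeats the kind/length pair that the fastopen and md5sig descriptors in src/tcpopt.c index through `TCPOPT_COMMON_KIND` and `TCPOPT_COMMON_LENGTH`, so mptcp is the only one of the three new descriptors with its own field names. If generic code addresses the first two templates by the common constants (not visible in this diff), the two enums have to stay numerically identical. Either reuse the common constants for mptcp or state the requirement on the enum, e.g. `/* must mirror TCPOPT_COMMON_KIND/LENGTH; mptcp-specific fields go after these */`.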
@@ -469,6 +469,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) <SCANSTATE_TCP>{ "echo" { return ECHO; } "eol" { return EOL; } +"fastopen" { return FASTOPEN; } +"mptcp" { return MPTCP; } +"md5sig" { return MD5SIG; } "nop" { return NOP; } "noop" { return NOP; } "sack" { return SACK; } diff --git a/src/tcpopt.c b/src/tcpopt.c index 53fe9bc8..5913cd06 100644 --- a/src/tcpopt.c +++ b/src/tcpopt.c @@ -91,6 +91,33 @@ static const struct exthdr_desc tcpopt_timestamp = { }, }; +static const struct exthdr_desc tcpopt_fastopen = { + .name = "fastopen", + .type = TCPOPT_KIND_FASTOPEN, + .templates = { + [TCPOPT_COMMON_KIND] = PHT("kind", 0, 8), + [TCPOPT_COMMON_LENGTH] = PHT("length", 8, 8), + }, +}; + +static const struct exthdr_desc tcpopt_md5sig = { + .name = "md5sig", + .type = TCPOPT_KIND_MD5SIG, + .templates = { + [TCPOPT_COMMON_KIND] = PHT("kind", 0, 8), + [TCPOPT_COMMON_LENGTH] = PHT("length", 8, 8), + }, +}; + + +static const struct exthdr_desc tcpopt_mptcp = { + .name = "mptcp", + .type = TCPOPT_KIND_MPTCP, + .templates = { + [TCPOPT_MPTCP_KIND] = PHT("kind", 0, 8), + [TCPOPT_MPTCP_LENGTH] = PHT("length", 8, 8), + }, +}; #undef PHT const struct exthdr_desc *tcpopt_protocols[] = { @@ -101,6 +128,9 @@ const struct exthdr_desc *tcpopt_protocols[] = { [TCPOPT_KIND_SACK_PERMITTED] = &tcpopt_sack_permitted, [TCPOPT_KIND_SACK] = &tcpopt_sack, [TCPOPT_KIND_TIMESTAMP] = &tcpopt_timestamp, + [TCPOPT_KIND_MD5SIG] = &tcpopt_md5sig, + [TCPOPT_KIND_MPTCP] = &tcpopt_mptcp, + [TCPOPT_KIND_FASTOPEN] = &tcpopt_fastopen, }; /** |
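Review bot: Nothing in this commit exercises or documents the `fastopen`, `mptcp` and `md5sig` keywords added to the `SCANSTATE_TCP` block; the diffstat lists only the header, parser, scanner and src/tcpopt.c. A round-trip test per mnemonic (add a rule, list it back) would show that the name parses to kinds 34, 30 and 19 and that listing prints the mnemonic, not the number. It would also be worth checking, since it cannot be seen here, whether a set or variable that happens to be named `mptcp` or `fastopen` can still be referenced while the scanner is in the tcp state. The manual's list of tcp option names needs the three new entries as well.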