exthdr: Implement SCTP Chunk matching

Extend exthdr expression to support scanning through SCTP packet chunks and matching on fixed fields' values. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Florian Westphal <fw@strlen.de>
author: Phil Sutter <phil@nwl.cc> 2021-05-04 13:41:38 +0200
committer: Phil Sutter <phil@nwl.cc> 2021-05-19 11:52:05 +0200
commit: 0e3871cfd9a1e32a4ac041ce87a8057b11a89924 (patch)
tree: 926b57779c199024a9d8e1ceb8fd031ff28f88b7 /include/linux/netfilter
parent: fd81d3ec3ae8b8d1d54a708d63b2dab2c8508c90 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h
index 894a62cf..75df968d 100644
--- a/include/linux/netfilter/nf_tables.h
+++ b/include/linux/netfilter/nf_tables.h
@@ -808,11 +808,13 @@ enum nft_exthdr_flags {
  * @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
  * @NFT_EXTHDR_OP_TCP: match against tcp options
  * @NFT_EXTHDR_OP_IPV4: match against ipv4 options
+ * @NFT_EXTHDR_OP_SCTP: match against sctp chunks
  */
 enum nft_exthdr_op {
 	NFT_EXTHDR_OP_IPV6,
 	NFT_EXTHDR_OP_TCPOPT,
 	NFT_EXTHDR_OP_IPV4,
+	NFT_EXTHDR_OP_SCTP,
 	__NFT_EXTHDR_OP_MAX
 };
 #define NFT_EXTHDR_OP_MAX	(__NFT_EXTHDR_OP_MAX - 1)
author	Phil Sutter <phil@nwl.cc>	2021-05-04 13:41:38 +0200
committer	Phil Sutter <phil@nwl.cc>	2021-05-19 11:52:05 +0200
commit	0e3871cfd9a1e32a4ac041ce87a8057b11a89924 (patch)
tree	926b57779c199024a9d8e1ceb8fd031ff28f88b7 /include/linux/netfilter
parent	fd81d3ec3ae8b8d1d54a708d63b2dab2c8508c90 (diff)