diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2023-04-11 21:45:34 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-06-01 21:43:16 +0200 |
commit | 6ab0fd6c67dbccedb49209b94eb7f740dd32fd2a (patch) | |
tree | 8f376a718fd3c1bc28577a6fb00ec5c3ccdf9133 /src/evaluate.c | |
parent | 19245dd1e0c8e1e007a3b98527e379337d57b49a (diff) |
exthdr: add boolean DCCP option matching
Iptables supports the matching of DCCP packets based on the presence
or absence of DCCP options. Extend exthdr expressions to add this
functionality to nftables.
Link: https://bugzilla.netfilter.org/show_bug.cgi?id=930
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 50f1496c..00bb8988 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -622,6 +622,7 @@ static int expr_evaluate_exthdr(struct eval_ctx *ctx, struct expr **exprp) switch (expr->exthdr.op) { case NFT_EXTHDR_OP_TCPOPT: case NFT_EXTHDR_OP_SCTP: + case NFT_EXTHDR_OP_DCCP: return __expr_evaluate_exthdr(ctx, exprp); case NFT_EXTHDR_OP_IPV4: dependency = &proto_ip; |