summaryrefslogtreecommitdiffstats
path: root/src/exthdr.c
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2017-03-10 18:13:51 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-03-10 19:01:21 +0100
commite02bd59c4009bedba89da88b199e715441975439 (patch)
tree89dd9f1959adf4065d23da80053e119fe1483500 /src/exthdr.c
parent627be570eff8f05849614a257e6fa45c744f4dbd (diff)
exthdr: Implement existence check
This allows to check for existence of an IPv6 extension or TCP option header by using the following syntax: | exthdr frag exists | tcpopt window exists Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/exthdr.c')
-rw-r--r--src/exthdr.c28
1 files changed, 24 insertions, 4 deletions
diff --git a/src/exthdr.c b/src/exthdr.c
index 21fe734f..375e18fc 100644
--- a/src/exthdr.c
+++ b/src/exthdr.c
@@ -32,14 +32,22 @@ static void exthdr_expr_print(const struct expr *expr)
unsigned int offset = expr->exthdr.offset / 64;
char buf[3] = {0};
+ if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) {
+ printf("tcp option %s", expr->exthdr.desc->name);
+ return;
+ }
+
if (offset)
snprintf(buf, sizeof buf, "%d", offset);
printf("tcp option %s%s %s", expr->exthdr.desc->name, buf,
expr->exthdr.tmpl->token);
+ } else {
+ if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT)
+ printf("exthdr %s", expr->exthdr.desc->name);
+ else
+ printf("%s %s", expr->exthdr.desc->name,
+ expr->exthdr.tmpl->token);
}
- else
- printf("%s %s", expr->exthdr.desc->name,
- expr->exthdr.tmpl->token);
}
static bool exthdr_expr_cmp(const struct expr *e1, const struct expr *e2)
@@ -97,6 +105,13 @@ static const struct exthdr_desc *exthdr_protocols[IPPROTO_MAX] = {
[IPPROTO_MH] = &exthdr_mh,
};
+const struct exthdr_desc *exthdr_find_proto(uint8_t proto)
+{
+ assert(exthdr_protocols[proto]);
+
+ return exthdr_protocols[proto];
+}
+
void exthdr_init_raw(struct expr *expr, uint8_t type,
unsigned int offset, unsigned int len,
enum nft_exthdr_op op, uint32_t flags)
@@ -119,7 +134,12 @@ void exthdr_init_raw(struct expr *expr, uint8_t type,
if (tmpl->offset != offset ||
tmpl->len != len)
continue;
- expr->dtype = tmpl->dtype;
+
+ if (flags & NFT_EXTHDR_F_PRESENT)
+ expr->dtype = &boolean_type;
+ else
+ expr->dtype = tmpl->dtype;
+
expr->exthdr.tmpl = tmpl;
return;
}
generated by cgit v1.2.3 (git 2.25.0) at 2024-11-16 17:48:02 +0000