diff options
| author | Phil Sutter <phil@nwl.cc> | 2021-05-04 13:41:38 +0200 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2021-05-19 11:52:05 +0200 |
| commit | 0e3871cfd9a1e32a4ac041ce87a8057b11a89924 (patch) | |
| tree | 926b57779c199024a9d8e1ceb8fd031ff28f88b7 /src/exthdr.c | |
| parent | fd81d3ec3ae8b8d1d54a708d63b2dab2c8508c90 (diff) | |
exthdr: Implement SCTP Chunk matching
Extend exthdr expression to support scanning through SCTP packet chunks
and matching on fixed fields' values.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Acked-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/exthdr.c')
| -rw-r--r-- | src/exthdr.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/exthdr.c b/src/exthdr.c index b0243ada..22a08b0c 100644 --- a/src/exthdr.c +++ b/src/exthdr.c @@ -22,6 +22,7 @@ #include <headers.h> #include <expression.h> #include <statement.h> +#include <sctp_chunk.h> static const struct exthdr_desc *exthdr_definitions[PROTO_DESC_MAX + 1] = { [EXTHDR_DESC_HBH] = &exthdr_hbh, @@ -75,6 +76,11 @@ static void exthdr_expr_print(const struct expr *expr, struct output_ctx *octx) if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) return; nft_print(octx, " %s", expr->exthdr.tmpl->token); + } else if (expr->exthdr.op == NFT_EXTHDR_OP_SCTP) { + nft_print(octx, "sctp chunk %s", expr->exthdr.desc->name); + if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) + return; + nft_print(octx, " %s", expr->exthdr.tmpl->token); } else { if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) nft_print(octx, "exthdr %s", expr->exthdr.desc->name); @@ -291,6 +297,8 @@ void exthdr_init_raw(struct expr *expr, uint8_t type, return tcpopt_init_raw(expr, type, offset, len, flags); if (op == NFT_EXTHDR_OP_IPV4) return ipopt_init_raw(expr, type, offset, len, flags, true); + if (op == NFT_EXTHDR_OP_SCTP) + return sctp_chunk_init_raw(expr, type, offset, len, flags); expr->len = len; expr->exthdr.flags = flags; |