diff options
author | Florian Westphal <fw@strlen.de> | 2020-10-21 23:54:17 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2020-11-09 12:19:31 +0100 |
commit | 24d8da3083422da8336eeed2ee23b2ccf598ba5a (patch) | |
tree | aad5a98e023ca49a5db923ec8ad8c8899482bf57 /src/parser_bison.y | |
parent | 2e1f821d713aa44717b38901ee80cac8e2aa0335 (diff) |
tcpopt: allow to check for presence of any tcp option
nft currently doesn't allow to check for presence of arbitrary tcp options.
Only known options where nft provides a template can be tested for.
This allows to test for presence of raw protocol values as well.
Example:
tcp option 42 exists
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/parser_bison.y')
-rw-r--r-- | src/parser_bison.y | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 7dedbd25..9a2b1b6f 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -5224,6 +5224,13 @@ tcp_hdr_option_type : EOL { $$ = TCPOPT_KIND_EOL; } | SACK3 { $$ = TCPOPT_KIND_SACK3; } | ECHO { $$ = TCPOPT_KIND_ECHO; } | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; } + | NUM { + if ($1 > 255) { + erec_queue(error(&@1, "value too large"), state->msgs); + YYERROR; + } + $$ = $1; + } ; tcp_hdr_option_field : KIND { $$ = TCPOPT_COMMON_KIND; } |