exthdr: Implement existence check

This allows to check for existence of an IPv6 extension or TCP option header by using the following syntax: | exthdr frag exists | tcpopt window exists Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Phil Sutter <phil@nwl.cc> 2017-03-10 18:13:51 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-03-10 19:01:21 +0100
commit: e02bd59c4009bedba89da88b199e715441975439 (patch)
tree: 89dd9f1959adf4065d23da80053e119fe1483500 /src/tcpopt.c
parent: 627be570eff8f05849614a257e6fa45c744f4dbd (diff)
1 files changed, 5 insertions, 1 deletions
diff --git a/src/tcpopt.c b/src/tcpopt.c
index d34dfd45..dac4fdb9 100644
--- a/src/tcpopt.c
+++ b/src/tcpopt.c
@@ -205,6 +205,7 @@ void tcpopt_init_raw(struct expr *expr, uint8_t type, unsigned int offset,
 
 	assert(type < array_size(tcpopt_protocols));
 	expr->exthdr.desc = tcpopt_protocols[type];
+	expr->exthdr.flags = flags;
 	assert(expr->exthdr.desc != TCPOPT_OBSOLETE);
 
 	for (i = 0; i < array_size(expr->exthdr.desc->templates); ++i) {
@@ -216,7 +217,10 @@ void tcpopt_init_raw(struct expr *expr, uint8_t type, unsigned int offset,
 		if (tmpl->offset != off || tmpl->len != len)
 			continue;
 
-		expr->dtype       = tmpl->dtype;
+		if (flags & NFT_EXTHDR_F_PRESENT)
+			expr->dtype = &boolean_type;
+		else
+			expr->dtype = tmpl->dtype;
 		expr->exthdr.tmpl = tmpl;
 		expr->exthdr.op   = NFT_EXTHDR_OP_TCPOPT;
 		break;
author	Phil Sutter <phil@nwl.cc>	2017-03-10 18:13:51 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-03-10 19:01:21 +0100
commit	e02bd59c4009bedba89da88b199e715441975439 (patch)
tree	89dd9f1959adf4065d23da80053e119fe1483500 /src/tcpopt.c
parent	627be570eff8f05849614a257e6fa45c744f4dbd (diff)