diff options
| -rw-r--r-- | include/tcpopt.h | 8 | ||||
| -rw-r--r-- | src/parser_bison.y | 10 | ||||
| -rw-r--r-- | src/scanner.l | 3 | ||||
| -rw-r--r-- | src/tcpopt.c | 30 |
4 files changed, 49 insertions, 2 deletions
diff --git a/include/tcpopt.h b/include/tcpopt.h index 667c8a77..22df69dc 100644 --- a/include/tcpopt.h +++ b/include/tcpopt.h @@ -25,6 +25,9 @@ enum tcpopt_kind { TCPOPT_KIND_SACK = 5, TCPOPT_KIND_TIMESTAMP = 8, TCPOPT_KIND_ECHO = 8, + TCPOPT_KIND_MD5SIG = 19, + TCPOPT_KIND_MPTCP = 30, + TCPOPT_KIND_FASTOPEN = 34, __TCPOPT_KIND_MAX, /* extra oob info, internal to nft */ @@ -71,6 +74,11 @@ enum tcpopt_hdr_field_sack { TCPOPT_SACK_RIGHT3, }; +enum tcpopt_hdr_mptcp_common { + TCPOPT_MPTCP_KIND, + TCPOPT_MPTCP_LENGTH, +}; + extern const struct exthdr_desc *tcpopt_protocols[__TCPOPT_KIND_MAX]; #endif /* NFTABLES_TCPOPT_H */ diff --git a/src/parser_bison.y b/src/parser_bison.y index fca79132..a6a591b7 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -408,6 +408,7 @@ int nft_lex(void *, void *, void *); %token OPTION "option" %token ECHO "echo" %token EOL "eol" +%token MPTCP "mptcp" %token NOP "nop" %token SACK "sack" %token SACK0 "sack0" @@ -415,6 +416,8 @@ int nft_lex(void *, void *, void *); %token SACK2 "sack2" %token SACK3 "sack3" %token SACK_PERM "sack-permitted" +%token FASTOPEN "fastopen" +%token MD5SIG "md5sig" %token TIMESTAMP "timestamp" %token COUNT "count" %token LEFT "left" @@ -5548,11 +5551,14 @@ tcp_hdr_option_sack : SACK { $$ = TCPOPT_KIND_SACK; } tcp_hdr_option_type : ECHO { $$ = TCPOPT_KIND_ECHO; } | EOL { $$ = TCPOPT_KIND_EOL; } + | FASTOPEN { $$ = TCPOPT_KIND_FASTOPEN; } + | MD5SIG { $$ = TCPOPT_KIND_MD5SIG; } + | MPTCP { $$ = TCPOPT_KIND_MPTCP; } | MSS { $$ = TCPOPT_KIND_MAXSEG; } | NOP { $$ = TCPOPT_KIND_NOP; } | SACK_PERM { $$ = TCPOPT_KIND_SACK_PERMITTED; } - | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; } - | WINDOW { $$ = TCPOPT_KIND_WINDOW; } + | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; } + | WINDOW { $$ = TCPOPT_KIND_WINDOW; } | tcp_hdr_option_sack { $$ = $1; } | NUM { if ($1 > 255) { diff --git a/src/scanner.l b/src/scanner.l index 09fcbd09..c65d5784 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -469,6 +469,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) <SCANSTATE_TCP>{ "echo" { return ECHO; } "eol" { return EOL; } +"fastopen" { return FASTOPEN; } +"mptcp" { return MPTCP; } +"md5sig" { return MD5SIG; } "nop" { return NOP; } "noop" { return NOP; } "sack" { return SACK; } diff --git a/src/tcpopt.c b/src/tcpopt.c index 53fe9bc8..5913cd06 100644 --- a/src/tcpopt.c +++ b/src/tcpopt.c @@ -91,6 +91,33 @@ static const struct exthdr_desc tcpopt_timestamp = { }, }; +static const struct exthdr_desc tcpopt_fastopen = { + .name = "fastopen", + .type = TCPOPT_KIND_FASTOPEN, + .templates = { + [TCPOPT_COMMON_KIND] = PHT("kind", 0, 8), + [TCPOPT_COMMON_LENGTH] = PHT("length", 8, 8), + }, +}; + +static const struct exthdr_desc tcpopt_md5sig = { + .name = "md5sig", + .type = TCPOPT_KIND_MD5SIG, + .templates = { + [TCPOPT_COMMON_KIND] = PHT("kind", 0, 8), + [TCPOPT_COMMON_LENGTH] = PHT("length", 8, 8), + }, +}; + + +static const struct exthdr_desc tcpopt_mptcp = { + .name = "mptcp", + .type = TCPOPT_KIND_MPTCP, + .templates = { + [TCPOPT_MPTCP_KIND] = PHT("kind", 0, 8), + [TCPOPT_MPTCP_LENGTH] = PHT("length", 8, 8), + }, +}; #undef PHT const struct exthdr_desc *tcpopt_protocols[] = { @@ -101,6 +128,9 @@ const struct exthdr_desc *tcpopt_protocols[] = { [TCPOPT_KIND_SACK_PERMITTED] = &tcpopt_sack_permitted, [TCPOPT_KIND_SACK] = &tcpopt_sack, [TCPOPT_KIND_TIMESTAMP] = &tcpopt_timestamp, + [TCPOPT_KIND_MD5SIG] = &tcpopt_md5sig, + [TCPOPT_KIND_MPTCP] = &tcpopt_mptcp, + [TCPOPT_KIND_FASTOPEN] = &tcpopt_fastopen, }; /** |