From fa86b544c03b14ea12f30ad39676a6fea88cbe05 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Sun, 21 Nov 2021 23:33:11 +0100 Subject: tcpopt: add md5sig, fastopen and mptcp options Allow to use "fastopen", "md5sig" and "mptcp" mnemonics rather than the raw option numbers. These new keywords are only recognized while scanner is in tcp state. Signed-off-by: Florian Westphal --- src/parser_bison.y | 10 ++++++++-- src/scanner.l | 3 +++ src/tcpopt.c | 30 ++++++++++++++++++++++++++++++ 3 files changed, 41 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/parser_bison.y b/src/parser_bison.y index fca79132..a6a591b7 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -408,6 +408,7 @@ int nft_lex(void *, void *, void *); %token OPTION "option" %token ECHO "echo" %token EOL "eol" +%token MPTCP "mptcp" %token NOP "nop" %token SACK "sack" %token SACK0 "sack0" @@ -415,6 +416,8 @@ int nft_lex(void *, void *, void *); %token SACK2 "sack2" %token SACK3 "sack3" %token SACK_PERM "sack-permitted" +%token FASTOPEN "fastopen" +%token MD5SIG "md5sig" %token TIMESTAMP "timestamp" %token COUNT "count" %token LEFT "left" @@ -5548,11 +5551,14 @@ tcp_hdr_option_sack : SACK { $$ = TCPOPT_KIND_SACK; } tcp_hdr_option_type : ECHO { $$ = TCPOPT_KIND_ECHO; } | EOL { $$ = TCPOPT_KIND_EOL; } + | FASTOPEN { $$ = TCPOPT_KIND_FASTOPEN; } + | MD5SIG { $$ = TCPOPT_KIND_MD5SIG; } + | MPTCP { $$ = TCPOPT_KIND_MPTCP; } | MSS { $$ = TCPOPT_KIND_MAXSEG; } | NOP { $$ = TCPOPT_KIND_NOP; } | SACK_PERM { $$ = TCPOPT_KIND_SACK_PERMITTED; } - | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; } - | WINDOW { $$ = TCPOPT_KIND_WINDOW; } + | TIMESTAMP { $$ = TCPOPT_KIND_TIMESTAMP; } + | WINDOW { $$ = TCPOPT_KIND_WINDOW; } | tcp_hdr_option_sack { $$ = $1; } | NUM { if ($1 > 255) { diff --git a/src/scanner.l b/src/scanner.l index 09fcbd09..c65d5784 100644 --- a/src/scanner.l +++ b/src/scanner.l @@ -469,6 +469,9 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr}) { "echo" { return ECHO; } "eol" { return EOL; } +"fastopen" { return FASTOPEN; } +"mptcp" { return MPTCP; } +"md5sig" { return MD5SIG; } "nop" { return NOP; } "noop" { return NOP; } "sack" { return SACK; } diff --git a/src/tcpopt.c b/src/tcpopt.c index 53fe9bc8..5913cd06 100644 --- a/src/tcpopt.c +++ b/src/tcpopt.c @@ -91,6 +91,33 @@ static const struct exthdr_desc tcpopt_timestamp = { }, }; +static const struct exthdr_desc tcpopt_fastopen = { + .name = "fastopen", + .type = TCPOPT_KIND_FASTOPEN, + .templates = { + [TCPOPT_COMMON_KIND] = PHT("kind", 0, 8), + [TCPOPT_COMMON_LENGTH] = PHT("length", 8, 8), + }, +}; + +static const struct exthdr_desc tcpopt_md5sig = { + .name = "md5sig", + .type = TCPOPT_KIND_MD5SIG, + .templates = { + [TCPOPT_COMMON_KIND] = PHT("kind", 0, 8), + [TCPOPT_COMMON_LENGTH] = PHT("length", 8, 8), + }, +}; + + +static const struct exthdr_desc tcpopt_mptcp = { + .name = "mptcp", + .type = TCPOPT_KIND_MPTCP, + .templates = { + [TCPOPT_MPTCP_KIND] = PHT("kind", 0, 8), + [TCPOPT_MPTCP_LENGTH] = PHT("length", 8, 8), + }, +}; #undef PHT const struct exthdr_desc *tcpopt_protocols[] = { @@ -101,6 +128,9 @@ const struct exthdr_desc *tcpopt_protocols[] = { [TCPOPT_KIND_SACK_PERMITTED] = &tcpopt_sack_permitted, [TCPOPT_KIND_SACK] = &tcpopt_sack, [TCPOPT_KIND_TIMESTAMP] = &tcpopt_timestamp, + [TCPOPT_KIND_MD5SIG] = &tcpopt_md5sig, + [TCPOPT_KIND_MPTCP] = &tcpopt_mptcp, + [TCPOPT_KIND_FASTOPEN] = &tcpopt_fastopen, }; /** -- cgit v1.2.3