aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter/nft_exthdr.c
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2017-02-20 17:52:27 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2017-03-06 17:52:56 +0100
commit3c1fece8819ed25257461b71e7c75a1f33eaa61d (patch)
tree402661ad234dfb079d3ca61e66e2bd18bad1e167 /net/netfilter/nft_exthdr.c
parentMerge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net (diff)
downloadlinux-dev-3c1fece8819ed25257461b71e7c75a1f33eaa61d.tar.xz
linux-dev-3c1fece8819ed25257461b71e7c75a1f33eaa61d.zip
netfilter: nft_exthdr: Allow checking TCP option presence, too
Honor NFT_EXTHDR_F_PRESENT flag so we check if the TCP option is present. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/nft_exthdr.c')
-rw-r--r--net/netfilter/nft_exthdr.c13
1 files changed, 10 insertions, 3 deletions
diff --git a/net/netfilter/nft_exthdr.c b/net/netfilter/nft_exthdr.c
index c308920b194c..d212a85d2f33 100644
--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -98,14 +98,21 @@ static void nft_exthdr_tcp_eval(const struct nft_expr *expr,
goto err;
offset = i + priv->offset;
- dest[priv->len / NFT_REG32_SIZE] = 0;
- memcpy(dest, opt + offset, priv->len);
+ if (priv->flags & NFT_EXTHDR_F_PRESENT) {
+ *dest = 1;
+ } else {
+ dest[priv->len / NFT_REG32_SIZE] = 0;
+ memcpy(dest, opt + offset, priv->len);
+ }
return;
}
err:
- regs->verdict.code = NFT_BREAK;
+ if (priv->flags & NFT_EXTHDR_F_PRESENT)
+ *dest = 0;
+ else
+ regs->verdict.code = NFT_BREAK;
}
static const struct nla_policy nft_exthdr_policy[NFTA_EXTHDR_MAX + 1] = {
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.