Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 3c1fece8 authored Feb 20, 2017 by Phil Sutter Committed by Pablo Neira Ayuso Mar 06, 2017

netfilter: nft_exthdr: Allow checking TCP option presence, too



Honor NFT_EXTHDR_F_PRESENT flag so we check if the TCP option is
present.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 8d70eeb8

net/netfilter/nft_exthdr.c

+10 −3

Original line number	Diff line number	Diff line
		@@ -98,13 +98,20 @@ static void nft_exthdr_tcp_eval(const struct nft_expr *expr,
		goto err;

		offset = i + priv->offset;
		if (priv->flags & NFT_EXTHDR_F_PRESENT) {
		*dest = 1;
		} else {
		dest[priv->len / NFT_REG32_SIZE] = 0;
		memcpy(dest, opt + offset, priv->len);
		}

		return;
		}

		err:
		if (priv->flags & NFT_EXTHDR_F_PRESENT)
		*dest = 0;
		else
		regs->verdict.code = NFT_BREAK;
		}