netfilter: nft_exthdr: Support SCTP chunks
Chunks are SCTP header extensions similar in implementation to IPv6 extension headers or TCP options. Reusing exthdr expression to find and extract field values from them is therefore pretty straightforward. For now, this supports extracting data from chunks at a fixed offset (and length) only - chunks themselves are an extensible data structure; in order to make all fields available, a nested extension search is needed. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Phil Sutter
Pablo Neira Ayuso
parent
af9207adb6
commit
133dc203d7
2 changed files with 53 additions and 0 deletions
|
|
@ -813,11 +813,13 @@ enum nft_exthdr_flags {
|
|||
* @NFT_EXTHDR_OP_IPV6: match against ipv6 extension headers
|
||||
* @NFT_EXTHDR_OP_TCP: match against tcp options
|
||||
* @NFT_EXTHDR_OP_IPV4: match against ipv4 options
|
||||
* @NFT_EXTHDR_OP_SCTP: match against sctp chunks
|
||||
*/
|
||||
enum nft_exthdr_op {
|
||||
NFT_EXTHDR_OP_IPV6,
|
||||
NFT_EXTHDR_OP_TCPOPT,
|
||||
NFT_EXTHDR_OP_IPV4,
|
||||
NFT_EXTHDR_OP_SCTP,
|
||||
__NFT_EXTHDR_OP_MAX
|
||||
};
|
||||
#define NFT_EXTHDR_OP_MAX (__NFT_EXTHDR_OP_MAX - 1)
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue