netfilter: nft_exthdr: Allow checking TCP option presence, too

Honor NFT_EXTHDR_F_PRESENT flag so we check if the TCP option is present. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

netfilter: nft_exthdr: Allow checking TCP option presence, too
Honor NFT_EXTHDR_F_PRESENT flag so we check if the TCP option is present. Signed-off-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
3c1fece8 · Phil Sutter · Pablo Neira Ayuso · 8d70eeb8 · 3c1fece8
Commit 3c1fece8 authored Feb 20, 2017 by Phil Sutter Committed by Pablo Neira Ayuso Mar 06, 2017
Show whitespace changes
Inline Side-by-side

Showing with 10 additions and 3 deletions

net/netfilter/nft_exthdr.c net/netfilter/nft_exthdr.c +10 -3

No files found.
--- a/net/netfilter/nft_exthdr.c
+++ b/net/netfilter/nft_exthdr.c
@@ -98,13 +98,20 @@ static void nft_exthdr_tcp_eval(const struct nft_expr *expr,
 			goto err;
 		offset = i + priv->offset;
+		if (priv->flags & NFT_EXTHDR_F_PRESENT) {
+			*dest = 1;
+		} else {
 			dest[priv->len / NFT_REG32_SIZE] = 0;
 			memcpy(dest, opt + offset, priv->len);
+		}
 		return;
 	}
 err:
+	if (priv->flags & NFT_EXTHDR_F_PRESENT)
+		*dest = 0;
+	else
 		regs->verdict.code = NFT_BREAK;
 }