@@ -580,9 +580,7 @@ static int expr_evaluate_exthdr(struct eval_ctx *ctx, struct expr **exprp)
switch (expr->exthdr.op) {
case NFT_EXTHDR_OP_TCPOPT:
- dependency = &proto_tcp;
- pb = PROTO_BASE_TRANSPORT_HDR;
- break;
+ return __expr_evaluate_exthdr(ctx, exprp);
case NFT_EXTHDR_OP_IPV4:
dependency = &proto_ip;
break;
@@ -1,210 +1,150 @@
# tcp option eol kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option nop kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option maxseg kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option maxseg length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option maxseg size 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ]
[ cmp eq reg 1 0x00000100 ]
# tcp option window kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option window length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option window count 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack-perm kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack-perm length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack0 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack1 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack2 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack3 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack0 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack1 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack2 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack3 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option timestamp kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option timestamp length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option timestamp tsval 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option timestamp tsecr 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option 255 missing
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000000 ]
# tcp option @255,8,8 255
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ]
[ cmp eq reg 1 0x000000ff ]
# tcp option window exists
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option window missing
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000000 ]
Kernel won't search for tcp options in non-tcp packets. Signed-off-by: Florian Westphal <fw@strlen.de> --- src/evaluate.c | 4 +-- tests/py/any/tcpopt.t.payload | 60 ----------------------------------- 2 files changed, 1 insertion(+), 63 deletions(-)