[nft] parser_json: add raw payload inner header match support

diff --git a/src/parser_json.c b/src/parser_json.c
index 3cd21175b236..7a2d30ff665c 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -558,6 +558,8 @@  static struct expr *json_parse_payload_expr(struct json_ctx *ctx,
 			val = PROTO_BASE_NETWORK_HDR;
 		} else if (!strcmp(base, "th")) {
 			val = PROTO_BASE_TRANSPORT_HDR;
+		} else if (!strcmp(base, "ih")) {
+			val = PROTO_BASE_INNER_HDR;
 		} else {
 			json_error(ctx, "Invalid payload base '%s'.", base);
 			return NULL;
diff --git a/tests/py/any/rawpayload.t b/tests/py/any/rawpayload.t
index 9fe377e24397..128e8088c4e5 100644
--- a/tests/py/any/rawpayload.t
+++ b/tests/py/any/rawpayload.t
@@ -18,3 +18,5 @@  meta l4proto tcp @th,16,16 { 22, 23, 80};ok;tcp dport { 22, 23, 80}
 @ll,0,1 1;ok;@ll,0,8 & 0x80 == 0x80
 @ll,0,8 & 0x80 == 0x80;ok
 @ll,0,128 0xfedcba987654321001234567890abcde;ok
+
+@ih,32,32 0x14000000;ok
diff --git a/tests/py/any/rawpayload.t.json b/tests/py/any/rawpayload.t.json
index 9481d9bf543b..b5115e0ddacf 100644
--- a/tests/py/any/rawpayload.t.json
+++ b/tests/py/any/rawpayload.t.json
@@ -156,3 +156,20 @@ 
     }
 ]
 
+# @ih,32,32 0x14000000
+[
+    {
+        "match": {
+            "left": {
+                "payload": {
+                    "base": "ih",
+                    "len": 32,
+                    "offset": 32
+                }
+            },
+            "op": "==",
+            "right": 335544320
+        }
+    }
+]
+
diff --git a/tests/py/any/rawpayload.t.payload b/tests/py/any/rawpayload.t.payload
index d2b38183cc95..61c41cb976d6 100644
--- a/tests/py/any/rawpayload.t.payload
+++ b/tests/py/any/rawpayload.t.payload
@@ -47,3 +47,9 @@  inet test-inet input
 inet test-inet input
   [ payload load 16b @ link header + 0 => reg 1 ]
   [ cmp eq reg 1 0x98badcfe 0x10325476 0x67452301 0xdebc0a89 ]
+
+# @ih,32,32 0x14000000
+inet test-inet input
+  [ payload load 4b @ inner header + 4 => reg 1 ]
+  [ cmp eq reg 1 0x00000014 ]
+