diff mbox series

[nf-next,v5,2/7] netfilter: nft_payload: access ipip payload for inner offset

Message ID 20221017110335.742076-3-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series nf_tables inner tunnel header match support | expand

Commit Message

Pablo Neira Ayuso Oct. 17, 2022, 11:03 a.m. UTC 
ipip is an special case, transport and inner header offset are set to
the same offset to use the upcoming inner expression for matching on
inner tunnel headers.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
v5: no changes

 net/netfilter/nft_payload.c | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index c2ab64e12f79..237166595228 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -132,6 +132,9 @@  static int __nft_payload_inner_offset(struct nft_pktinfo *pkt)
 		pkt->inneroff = thoff + offset;
 		}
 		break;
+	case IPPROTO_IPIP:
+		pkt->inneroff = thoff;
+		break;
 	default:
 		return -1;
 	}