@@ -85,4 +85,8 @@ extern const struct exthdr_desc exthdr_frag;
extern const struct exthdr_desc exthdr_dst;
extern const struct exthdr_desc exthdr_mh;
+enum nft_exthdr_flags {
+ NFT_EXTHDR_F_PRESENT = (1 << 0),
+};
+
#endif /* NFTABLES_EXTHDR_H */
@@ -1002,6 +1002,7 @@ static void boolean_expr_print(const struct expr *expr)
switch (expr->dtype->type) {
case TYPE_FIB_ADDR: /* fib expr */
case TYPE_IFINDEX: /* fib expr */
+ case TYPE_INET_PROTOCOL: /* exthdr exists expr */
printf(expr->boolean ? "exists" : "missing");
break;
default:
@@ -24,7 +24,11 @@
static void exthdr_expr_print(const struct expr *expr)
{
- printf("%s %s", expr->exthdr.desc->name, expr->exthdr.tmpl->token);
+ if (expr->exthdr.flags & NFT_EXTHDR_F_PRESENT)
+ printf("exthdr %s", expr->exthdr.desc->name);
+ else
+ printf("%s %s", expr->exthdr.desc->name,
+ expr->exthdr.tmpl->token);
}
static bool exthdr_expr_cmp(const struct expr *e1, const struct expr *e2)
@@ -139,6 +139,7 @@ static void location_update(struct location *loc, struct location *rhs, int n)
const struct datatype *datatype;
struct handle_spec handle_spec;
struct position_spec position_spec;
+ const struct exthdr_desc *exthdr_desc;
}
%token TOKEN_EOF 0 "end of file"
@@ -431,6 +432,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%token TRUE "true"
%token FALSE "false"
+%token EXTHDR "exthdr"
+
%type <val> boolean_spec
%type <expr> boolean_expr
%destructor { expr_free($$); } boolean_expr
@@ -633,6 +636,10 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%type <quota> quota_config
%destructor { xfree($$); } quota_config
+%type <expr> exthdr_exists_expr
+%destructor { expr_free($$); } exthdr_exists_expr
+%type <exthdr_desc> exthdr_spec
+
%%
input : /* empty */
@@ -2260,6 +2267,7 @@ primary_expr : symbol_expr { $$ = $1; }
| integer_expr { $$ = $1; }
| payload_expr { $$ = $1; }
| exthdr_expr { $$ = $1; }
+ | exthdr_exists_expr { $$ = $1; }
| meta_expr { $$ = $1; }
| rt_expr { $$ = $1; }
| ct_expr { $$ = $1; }
@@ -3316,4 +3324,20 @@ mh_hdr_field : NEXTHDR { $$ = MHHDR_NEXTHDR; }
| CHECKSUM { $$ = MHHDR_CHECKSUM; }
;
+exthdr_exists_expr : EXTHDR exthdr_spec
+ {
+ /* Assume that NEXTHDR template is always
+ * the fist one in list of templates.
+ */
+ $$ = exthdr_expr_alloc(&@$, $2, 1);
+ $$->exthdr.flags = NFT_EXTHDR_F_PRESENT;
+ }
+ ;
+
+exthdr_spec : HBH { $$ = &exthdr_hbh; }
+ | RT { $$ = &exthdr_rt; }
+ | FRAG { $$ = &exthdr_frag; }
+ | DST { $$ = &exthdr_dst; }
+ | MH { $$ = &exthdr_mh; }
+ ;
%%
@@ -487,6 +487,8 @@ addrstring ({macaddr}|{ip4addr}|{ip6addr})
"true" { return TRUE; }
"false" { return FALSE; }
+"exthdr" { return EXTHDR; }
+
{addrstring} {
yylval->string = xstrdup(yytext);
return STRING;
This is meant to be used as LHS of a boolean relational expression, like the following example matching on fragment header presence: | exthdr frag exists Signed-off-by: Phil Sutter <phil@nwl.cc> --- include/exthdr.h | 4 ++++ src/expression.c | 1 + src/exthdr.c | 6 +++++- src/parser_bison.y | 24 ++++++++++++++++++++++++ src/scanner.l | 2 ++ 5 files changed, 36 insertions(+), 1 deletion(-)