summaryrefslogtreecommitdiff
path: root/include/net
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2021-10-28 23:15:00 +0300
committerPablo Neira Ayuso <pablo@netfilter.org>2021-11-01 11:31:03 +0300
commitc46b38dc8743535e686b911d253a844f0bd50ead (patch)
tree3ea59205264ba559d399fd8047e9dbe196743fb2 /include/net
parentb5bdc6f9c24db9a0adf8bd00c0e935b184654f00 (diff)
downloadlinux-c46b38dc8743535e686b911d253a844f0bd50ead.tar.xz
netfilter: nft_payload: support for inner header matching / mangling
Allow to match and mangle on inner headers / payload data after the transport header. There is a new field in the pktinfo structure that stores the inner header offset which is calculated only when requested. Only TCP and UDP supported at this stage. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/net')
-rw-r--r--include/net/netfilter/nf_tables.h2
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_tables.h b/include/net/netfilter/nf_tables.h
index 7e3188cf4a7d..a0d9e0b47ab8 100644
--- a/include/net/netfilter/nf_tables.h
+++ b/include/net/netfilter/nf_tables.h
@@ -23,6 +23,7 @@ struct module;
enum {
NFT_PKTINFO_L4PROTO = (1 << 0),
+ NFT_PKTINFO_INNER = (1 << 1),
};
struct nft_pktinfo {
@@ -32,6 +33,7 @@ struct nft_pktinfo {
u8 tprot;
u16 fragoff;
unsigned int thoff;
+ unsigned int inneroff;
};
static inline struct sock *nft_sk(const struct nft_pktinfo *pkt)