TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

netfilter: nft_inner: add geneve support

Browse Source 
Geneve tunnel header may contain options, parse geneve header and update
offset to point to the link layer header according to the opt_len field.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
2022-10-17 13:03:34 +02:00
parent a150d122b6
commit 0db14b9566
2 changed files with 18 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
include/uapi/linux/netfilter/nf_tables.h
+1
View File
@@ -783,6 +783,7 @@ enum nft_payload_csum_flags {
enum nft_inner_type { enum nft_inner_type {
NFT_INNER_UNSPEC = 0, NFT_INNER_UNSPEC = 0,
NFT_INNER_VXLAN, NFT_INNER_VXLAN,
NFT_INNER_GENEVE,
}; };
enum nft_inner_flags { enum nft_inner_flags {
net/netfilter/nft_inner.c
+17
View File
@@ -17,6 +17,7 @@
#include <linux/tcp.h> #include <linux/tcp.h>
#include <linux/udp.h> #include <linux/udp.h>
#include <net/gre.h> #include <net/gre.h>
#include <net/geneve.h>
#include <net/ip.h> #include <net/ip.h>
#include <linux/icmpv6.h> #include <linux/icmpv6.h>
#include <linux/ip.h> #include <linux/ip.h>
@@ -181,6 +182,22 @@ static int nft_inner_parse_tunhdr(const struct nft_inner *priv,
ctx->flags |= NFT_PAYLOAD_CTX_INNER_TUN; ctx->flags |= NFT_PAYLOAD_CTX_INNER_TUN;
*off += priv->hdrsize; *off += priv->hdrsize;
switch (priv->type) {
case NFT_INNER_GENEVE: {
struct genevehdr *gnvh, _gnvh;
gnvh = skb_header_pointer(pkt->skb, pkt->inneroff,
sizeof(_gnvh), &_gnvh);
if (!gnvh)
return -1;
*off += gnvh->opt_len * 4;
}
break;
default:
break;
}
return 0; return 0;
} }