Commit 0db14b95 authored by Pablo Neira Ayuso's avatar Pablo Neira Ayuso

netfilter: nft_inner: add geneve support

Geneve tunnel header may contain options, parse geneve header and update
offset to point to the link layer header according to the opt_len field.
Signed-off-by: default avatarPablo Neira Ayuso <pablo@netfilter.org>
parent a150d122
...@@ -783,6 +783,7 @@ enum nft_payload_csum_flags { ...@@ -783,6 +783,7 @@ enum nft_payload_csum_flags {
enum nft_inner_type { enum nft_inner_type {
NFT_INNER_UNSPEC = 0, NFT_INNER_UNSPEC = 0,
NFT_INNER_VXLAN, NFT_INNER_VXLAN,
NFT_INNER_GENEVE,
}; };
enum nft_inner_flags { enum nft_inner_flags {
......
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
#include <linux/tcp.h> #include <linux/tcp.h>
#include <linux/udp.h> #include <linux/udp.h>
#include <net/gre.h> #include <net/gre.h>
#include <net/geneve.h>
#include <net/ip.h> #include <net/ip.h>
#include <linux/icmpv6.h> #include <linux/icmpv6.h>
#include <linux/ip.h> #include <linux/ip.h>
...@@ -181,6 +182,22 @@ static int nft_inner_parse_tunhdr(const struct nft_inner *priv, ...@@ -181,6 +182,22 @@ static int nft_inner_parse_tunhdr(const struct nft_inner *priv,
ctx->flags |= NFT_PAYLOAD_CTX_INNER_TUN; ctx->flags |= NFT_PAYLOAD_CTX_INNER_TUN;
*off += priv->hdrsize; *off += priv->hdrsize;
switch (priv->type) {
case NFT_INNER_GENEVE: {
struct genevehdr *gnvh, _gnvh;
gnvh = skb_header_pointer(pkt->skb, pkt->inneroff,
sizeof(_gnvh), &_gnvh);
if (!gnvh)
return -1;
*off += gnvh->opt_len * 4;
}
break;
default:
break;
}
return 0; return 0;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment