[PATCH nftables 5/7] payload: insert implicit meta tcp dependency when matching tcp options

[Manuel Messner <mm@xxxxxxxxxx>]

From: Florian Westphal <fw@xxxxxxxxx>

nft add rule inet filter input tcp option sack 4 left 1
<cmdline>:1:28-49: Error: Cannot generate dependency: no network layer protocol specified

Users can avoid this via 'meta l4proto tcp', this enables implicit
dependency injection for the inet/bridge/netdev families.

Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
Reviewed-by: Manuel Messner <mm@xxxxxxxxxx>
Signed-off-by: Manuel Messner <mm@xxxxxxxxxx>
---
 src/payload.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/src/payload.c b/src/payload.c
index efd1960..0207296 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -323,12 +323,26 @@ int exthdr_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
 	const struct proto_desc *desc;
 
 	desc = ctx->pctx.protocol[pb].desc;
-	if (desc == NULL)
+	if (desc == NULL) {
+		if (expr->exthdr.op == NFT_EXTHDR_OP_TCPOPT) {
+			switch (ctx->pctx.family) {
+			case NFPROTO_NETDEV:
+			case NFPROTO_BRIDGE:
+			case NFPROTO_INET:
+				desc = &proto_inet_service;
+				goto found;
+			default:
+				break;
+			}
+		}
+
 		return expr_error(ctx->msgs, expr,
 				  "Cannot generate dependency: "
 				  "no %s protocol specified",
 				  proto_base_names[pb]);
+	}
 
+ found:
 	return payload_add_dependency(ctx, desc, dependency, expr, res);
 }
 
-- 
2.11.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html