Re: [PATCH nft] parser: tcpopt: fix tcp option parsing with NUM + length field

On Tue, Dec 05, 2023 at 02:00:01AM +0100, Florian Westphal wrote:
[...]
> @@ -182,13 +189,21 @@ struct expr *tcpopt_expr_alloc(const struct location *loc,
>  		desc = tcpopt_protocols[kind];
>  
>  	if (!desc) {
> -		if (field != TCPOPT_COMMON_KIND || kind > 255)
> +		if (kind > 255)
> +			return NULL;
> +
> +		switch (field) {
> +		case TCPOPT_COMMON_KIND:
> +		case TCPOPT_COMMON_LENGTH:
> +			break;
> +		default:
>  			return NULL;
> +		}
>  
>  		expr = expr_alloc(loc, EXPR_EXTHDR, &integer_type,
>  				  BYTEORDER_BIG_ENDIAN, 8);
>  
> -		desc = tcpopt_protocols[TCPOPT_NOP];
> +		desc = &tcpopt_fallback;
>  		tmpl = &desc->templates[field];
>  		expr->exthdr.desc   = desc;
>  		expr->exthdr.tmpl   = tmpl;
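
Review bot: In the `!desc` fallback branch, the assignments after `tmpl = &desc->templates[field];` copy only `desc` and `tmpl` into `expr->exthdr`, and nothing in the visible lines carries the template's offset over. Now that the switch accepts `TCPOPT_COMMON_LENGTH` as well as `TCPOPT_COMMON_KIND`, the two fields can no longer share an implicit offset, so a length match on a numeric option kind would read the same byte as a kind match. Suggest setting `expr->exthdr.offset = tmpl->offset;` alongside the `desc` and `tmpl` assignments, and adding a test that checks the generated `exthdr load` for the length field. The `expr_alloc()` call also still hard-codes a width of 8 rather than deriving it from the selected template, which is worth a comment if it is intentional.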

I believe this is missing in this patch:

                expr->exthdr.offset = tmpl->offset;

so it matches at offset 1, not 0:

  [ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ]
  [ cmp eq reg 1 0x00000004 ]



