The ip option expression allows for nonsense matching like:

  ip option lsrr type 1

because 'lsrr' already provides the type field, this never results in a match. Turn this expression into:

  ip option lsrr exists

And update documentation to hide this redundant type field.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

--- doc/payload-expression.txt | 8 ++++---- src/parser_bison.y | 3 +++ 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 7bc24a8a6502..2a155aa87b6f 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -808,16 +808,16 @@ TCP option matching also supports raw expression syntax to access arbitrary opti |Keyword| Description | IP option fields |lsrr| Loose Source Route | -type, length, ptr, addr +length, ptr, addr |ra| Router Alert | -type, length, value +length, value |rr| Record Route | -type, length, ptr, addr +length, ptr, addr |ssrr| Strict Source Route | -type, length, ptr, addr +length, ptr, addr |============================ .finding TCP options diff --git a/src/parser_bison.y b/src/parser_bison.y index c8714812532d..d15bf212489d 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -5698,6 +5698,9 @@ ip_hdr_expr : IP ip_hdr_field close_scope_ip erec_queue(error(&@1, "unknown ip option type/field"), state->msgs); YYERROR; } + + if ($4 == IPOPT_FIELD_TYPE) + $$->exthdr.flags = NFT_EXTHDR_F_PRESENT; } | IP OPTION ip_option_type close_scope_ip { -- 2.30.2
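Review bot: the doc/payload-expression.txt hunk removes `type` from the lsrr, ra, rr and ssrr field lists but adds nothing that documents the `exists` form the commit message says `type` is now turned into; a reader who used `ip option lsrr type ...` finds the field gone with no stated replacement. Consider adding one sentence next to the table, for example "Use `ip option lsrr exists` to match on presence of the option", so the documented syntax matches the parser behaviour introduced in the same series.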
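Review bot: in the src/parser_bison.y hunk, `if ($4 == IPOPT_FIELD_TYPE) $$->exthdr.flags = NFT_EXTHDR_F_PRESENT;` silently rewrites a rule written as `ip option <opt> type <n>` into a presence test, and nothing in the hunk deals with the `<n>` the user supplied, so the accepted rule no longer means what was typed and the user gets no diagnostic. The preceding lines already have an error path (`erec_queue(error(&@1, "unknown ip option type/field"), state->msgs); YYERROR;`), so consider rejecting `type` with an explicit message that points at `exists`, or at least emitting a warning, rather than rewriting quietly. Also, the plain `=` overwrites whatever `$$->exthdr.flags` already held; `|=` would preserve any flag set earlier.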