On Wed, Mar 05, 2025 at 10:03:28PM +0100, Pablo Neira Ayuso wrote:
> On Thu, Feb 27, 2025 at 03:52:06PM +0100, Florian Westphal wrote:
> > Allow users to do
> > tcp option mptcp subtype mp-capable
> >
> > instead of having to use the raw values described in rfc8684.
> >
> > First patch adds this, rest of the patches resolve printing issues
> > when the mptcp option match is used in sets and concatenations.
>
> For this series.
>
> Reviewed-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
BTW, maybe add this too?
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 2a155aa87b6f..c363ba355138 100644
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -735,7 +735,7 @@ nftables currently supports matching (finding) a given ipv6 extension header, TC
The following syntaxes are valid only in a relational expression with boolean type on right-hand side for checking header existence only:
[verse]
*exthdr* {*hbh* | *frag* | *rt* | *dst* | *mh*}
-*tcp option* {*eol* | *nop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp*}
+*tcp option* {*eol* | *nop* | *maxseg* | *window* | *sack-perm* | *sack* | *sack0* | *sack1* | *sack2* | *sack3* | *timestamp* | *mptcp*}
*ip option* { lsrr | ra | rr | ssrr }
*dccp option* 'dccp_option_type'
@@ -794,6 +794,9 @@ length, left, right
|timestamp|
TCP Timestamps |
length, tsval, tsecr
+|mptcp|
+MPTCP Option Subtype |
+subtype
|============================
TCP option matching also supports raw expression syntax to access arbitrary options:
