Re: Clarification of the procedure for filtering IP option fields

Hi,

On Thu, Jan 30, 2025 at 04:52:29PM +0300, Alexey Kashavkin wrote:
> Hello, 
> 
> I am still figuring out the syntax for adding rules to filter IP
> options. Please, if anyone has an understanding of how this works
> give at least a short reply.

This 'type' field is redundant.

> I understand how the exthdr expression works in the kernel code. But
> so far there is still a question about specifying the type field,
> what is the purpose of this field here? There is also a question
> about other fields, let's take for example the IP option LSRR, it
> has an addr field. I assume, knowing this option from RFC791 it
> specifies IP addresses, but in the case of nft it is not so, this
> field has datatype integer.

Yes, this should be at least 32-bits.

> With length and ptr fields it is clear, but with addr it is not.
> Please write how it works, what value is substituted in the addr
> field.

I remember mentioning the limitations of this to Stephen
(only a few IP options can be matched); Stephen told me this was good
enough for his use case at the time.

I regret I did not push back harder on this.

This extension really needs more work.
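To make the option layout the thread is arguing about concrete, here is an added example (not code from this thread, from nftables, or from the kernel) that parses the IPv4 options area and extracts an LSRR/SSRR option's type, length, pointer and the 32-bit route addresses that follow, per RFC 791. It also rejects malformed options the way a filter should. The sample option bytes and the function names are constructed for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IPOPT_LSRR 0x83  /* copied=1, class=0, number=3 (RFC 791) */
#define IPOPT_SSRR 0x89  /* copied=1, class=0, number=9 */

/* Parsed source-route option: the addresses need a full 32 bits each. */
struct src_route_opt {
    uint8_t type, len, ptr;
    size_t n_addrs;
    uint32_t addrs[9];  /* (40 - 3) / 4 = at most 9 addresses fit */
};

/* Walk the options area (bytes after the 20-byte fixed header).
   Returns 1 and fills *out for a well-formed LSRR/SSRR, 0 if none is
   present, -1 on a malformed option (a filter should drop or log it). */
int parse_source_route(const uint8_t *opts, size_t optlen, struct src_route_opt *out)
{
    size_t i = 0;
    while (i < optlen) {
        uint8_t type = opts[i];
        if (type == 0) return 0;          /* End of Option List */
        if (type == 1) { i++; continue; } /* NOP: single byte, no length */
        if (i + 1 >= optlen) return -1;   /* length byte missing */
        uint8_t len = opts[i + 1];
        if (len < 2 || i + len > optlen) return -1; /* overruns option area */
        if (type == IPOPT_LSRR || type == IPOPT_SSRR) {
            uint8_t ptr;
            if (len < 3 || (len - 3) % 4 != 0) return -1; /* whole 32-bit words only */
            ptr = opts[i + 2];
            if (ptr < 4 || (ptr - 4) % 4 != 0) return -1; /* 1-based, word aligned */
            out->type = type; out->len = len; out->ptr = ptr;
            out->n_addrs = (len - 3) / 4;
            for (size_t k = 0; k < out->n_addrs; k++) {
                const uint8_t *a = opts + i + 3 + 4 * k;  /* network byte order */
                out->addrs[k] = ((uint32_t)a[0] << 24) | ((uint32_t)a[1] << 16)
                              | ((uint32_t)a[2] << 8) | a[3];
            }
            return 1;
        }
        i += len;  /* skip any other option */
    }
    return 0;
}

/* Constructed sample: NOP, then LSRR len=11 ptr=4 with 192.0.2.1, 198.51.100.7 */
static const uint8_t sample_opts[12] = {1, IPOPT_LSRR, 11, 4, 192,0,2,1, 198,51,100,7};
int demo_parse(struct src_route_opt *out) { return parse_source_route(sample_opts, 12, out); }

int main(void) {
    struct src_route_opt o;
    if (demo_parse(&o) == 1) printf("LSRR ptr=%u addr0=0x%08x\n", o.ptr, o.addrs[0]);
    return 0;
}
```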
