Commit 0db14b95 authored by Pablo Neira Ayuso

netfilter: nft_inner: add geneve support



Geneve tunnel header may contain options, parse geneve header and update
offset to point to the link layer header according to the opt_len field.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
parent a150d122
+1 −0
@@ -783,6 +783,7 @@ enum nft_payload_csum_flags {
enum nft_inner_type {
	NFT_INNER_UNSPEC	= 0,
	NFT_INNER_VXLAN,
	NFT_INNER_GENEVE,
};

enum nft_inner_flags {
+17 −0
@@ -17,6 +17,7 @@
#include <linux/tcp.h>
#include <linux/udp.h>
#include <net/gre.h>
#include <net/geneve.h>
#include <net/ip.h>
#include <linux/icmpv6.h>
#include <linux/ip.h>
@@ -181,6 +182,22 @@ static int nft_inner_parse_tunhdr(const struct nft_inner *priv,
	ctx->flags |= NFT_PAYLOAD_CTX_INNER_TUN;
	*off += priv->hdrsize;

	switch (priv->type) {
	case NFT_INNER_GENEVE: {
		struct genevehdr *gnvh, _gnvh;

		gnvh = skb_header_pointer(pkt->skb, pkt->inneroff,
					  sizeof(_gnvh), &_gnvh);
		if (!gnvh)
			return -1;

		*off += gnvh->opt_len * 4;
		}
		break;
	default:
		break;
	}

	return 0;
}
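Review bot: In the `NFT_INNER_GENEVE` case, `gnvh->opt_len` is taken straight from the packet and `*off += gnvh->opt_len * 4;` advances the offset without confirming that the option bytes are actually present in the skb. `opt_len` is a 6-bit field, so the advance is bounded at 252 bytes, but whether a later read at `*off` fails cleanly on a truncated packet depends on code outside this hunk; a comment such as `/* opt_len is packet-controlled (at most 63 * 4 bytes); the inner header read at *off must bounds-check */` would record that reliance. The new `return -1` also comes after `ctx->flags |= NFT_PAYLOAD_CTX_INNER_TUN` and `*off += priv->hdrsize`, so a failed header read leaves both modified, which is harmless only if the caller discards `ctx` and `*off` on error; that is not visible here. The header is read at `pkt->inneroff` while the value being advanced is `*off`, and because the function starts outside the hunk it is worth confirming that both refer to the start of the tunnel header. Since `gnvh` is only read, `const struct genevehdr *gnvh` would be the tighter declaration.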