parser_bison: turn redundant ip option type field match into boolean

The ip option expression allows for non-sense matching like:

	ip option lsrr type 1

because 'lsrr' already provides the type field, this never results in a
matching.

Turn this expression into:

	ip option lsrr exists

And update documentation to hide this redundant type field.

Fixes: 226a0e072d5c ("exthdr: add support for matching IPv4 options")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 7bc24a8a6502f0d3566cc9d10075799802fbefa1..2a155aa87b6f52192435e7dd4603676d45a148e0 100644 (file)
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -808,16 +808,16 @@ TCP option matching also supports raw expression syntax to access arbitrary opti
 |Keyword| Description | IP option fields
 |lsrr|
 Loose Source Route |
-type, length, ptr, addr
+length, ptr, addr
 |ra|
 Router Alert |
-type, length, value
+length, value
 |rr|
 Record Route |
-type, length, ptr, addr
+length, ptr, addr
 |ssrr|
 Strict Source Route |
-type, length, ptr, addr
+length, ptr, addr
 |============================
 
 .finding TCP options

diff --git a/src/parser_bison.y b/src/parser_bison.y
index c8714812532def63fd1354a41056915c72fe31a4..d15bf212489d53d62925b041d92589fc4f36dd0a 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -5698,6 +5698,9 @@ ip_hdr_expr               :       IP      ip_hdr_field    close_scope_ip
                                        erec_queue(error(&@1, "unknown ip option type/field"), state->msgs);
                                        YYERROR;
                                }
+
+                               if ($4 == IPOPT_FIELD_TYPE)
+                                       $$->exthdr.flags = NFT_EXTHDR_F_PRESENT;
                        }
                        |       IP      OPTION  ip_option_type close_scope_ip
                        {