From: Pablo Neira Ayuso
Date: Fri, 31 Jan 2025 10:14:22 +0000 (+0100)
Subject: parser_bison: turn redundant ip option type field match into boolean
X-Git-Tag: v1.1.2~85
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f9a48ce2f9c252bf74d98d10412b1f72585a45ec;p=thirdparty%2Fnftables.git

parser_bison: turn redundant ip option type field match into boolean

The ip option expression allows for nonsense matching like:

    ip option lsrr type 1

because 'lsrr' already provides the type field, this never results in a match.

Turn this expression into:

    ip option lsrr exists

And update documentation to hide this redundant type field.

Fixes: 226a0e072d5c ("exthdr: add support for matching IPv4 options")
Signed-off-by: Pablo Neira Ayuso
---
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt index 7bc24a8a..2a155aa8 100644 --- a/doc/payload-expression.txt +++ b/doc/payload-expression.txt @@ -808,16 +808,16 @@ TCP option matching also supports raw expression syntax to access arbitrary opti |Keyword| Description | IP option fields |lsrr| Loose Source Route | -type, length, ptr, addr +length, ptr, addr |ra| Router Alert | -type, length, value +length, value |rr| Record Route | -type, length, ptr, addr +length, ptr, addr |ssrr| Strict Source Route | -type, length, ptr, addr +length, ptr, addr |============================ .finding TCP options diff --git a/src/parser_bison.y b/src/parser_bison.y index c8714812..d15bf212 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -5698,6 +5698,9 @@ ip_hdr_expr : IP ip_hdr_field close_scope_ip erec_queue(error(&@1, "unknown ip option type/field"), state->msgs); YYERROR; } + + if ($4 == IPOPT_FIELD_TYPE) + $$->exthdr.flags = NFT_EXTHDR_F_PRESENT; } | IP OPTION ip_option_type close_scope_ip {
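Review bot: In the doc/payload-expression.txt hunk, `type` is dropped from all four rows of the IP option fields table, but the parser hunk shows the keyword is still accepted and converted rather than rejected, and the table never mentions the boolean form the commit message converts to. Someone reading an existing ruleset that contains `ip option lsrr type 1` will find no explanation in the documentation. Consider a sentence next to the table saying that `type` is still parsed for compatibility and is treated as `ip option <keyword> exists`, so the documented behaviour matches what the parser does.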
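Review bot: In the src/parser_bison.y hunk, the new `if ($4 == IPOPT_FIELD_TYPE)` branch sets `NFT_EXTHDR_F_PRESENT` silently and without looking at the value the rule compares against. Per the commit message, a rule such as `ip option lsrr type 1` never matched before; after this change it matches every packet that carries the option, so the verdict on an already deployed rule starts to take effect on reload. That change in filtering behaviour deserves a sentence in the commit message, and a comment above the branch saying why the type field is turned into a presence check. It is also not visible here what happens to a right-hand value other than 1; please state the intended result for that case. The patch touches only the documentation and the parser, so a test that loads `ip option lsrr type 1` and checks that it lists back as `ip option lsrr exists` would pin the conversion down.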