payload: insert implicit meta tcp dependency when matching tcp options

nft add rule inet filter input tcp option sack 4 left 1
<cmdline>:1:28-49: Error: Cannot generate dependency: no network layer protocol specified

Users can avoid this via 'meta l4proto tcp', this enables implicit
dependency injection for the inet/bridge/netdev families.

Reviewed-by: Manuel Messner <mm@skelett.io>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/payload.c b/src/payload.c
index efd19602d01d4b0d806c25ecbb2e89eba0da62ad..0207296e5f61538e479e63b5a368d714ef6938a2 100644 (file)
--- a/src/payload.c
+++ b/src/payload.c
@@ -323,12 +323,26 @@ int exthdr_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
        const struct proto_desc *desc;
 
        desc = ctx->pctx.protocol[pb].desc;
-       if (desc == NULL)
+       if (desc == NULL) {
+               if (expr->exthdr.op == NFT_EXTHDR_OP_TCPOPT) {
+                       switch (ctx->pctx.family) {
+                       case NFPROTO_NETDEV:
+                       case NFPROTO_BRIDGE:
+                       case NFPROTO_INET:
+                               desc = &proto_inet_service;
+                               goto found;
+                       default:
+                               break;
+                       }
+               }
+
                return expr_error(ctx->msgs, expr,
                                  "Cannot generate dependency: "
                                  "no %s protocol specified",
                                  proto_base_names[pb]);
+       }
 
+ found:
        return payload_add_dependency(ctx, desc, dependency, expr, res);
 }