parser_bison: turn redundant ip option type field match into boolean

commit f9a48ce2f9c252bf74d98d10412b1f72585a45ec upstream.

The ip option expression allows for non-sense matching like:

	ip option lsrr type 1

because 'lsrr' already provides the type field, this never results in a
matching.

Turn this expression into:

	ip option lsrr exists

And update documentation to hide this redundant type field.

Fixes: 226a0e072d5c ("exthdr: add support for matching IPv4 options")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
index 9a761b71769ee40074170ed29cbe105b53908d36..9112fa0a1d8b46bc8fb5d556ca8631c53f962595 100644 (file)
--- a/doc/payload-expression.txt
+++ b/doc/payload-expression.txt
@@ -669,16 +669,16 @@ TCP option matching also supports raw expression syntax to access arbitrary opti
 |Keyword| Description | IP option fields
 |lsrr|
 Loose Source Route |
-type, length, ptr, addr
+length, ptr, addr
 |ra|
 Router Alert |
-type, length, value
+length, value
 |rr|
 Record Route |
-type, length, ptr, addr
+length, ptr, addr
 |ssrr|
 Strict Source Route |
-type, length, ptr, addr
+length, ptr, addr
 |============================
 
 .finding TCP options

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 3258c7e632c0966ef74a2679a1bb36525bf6738d..526285dace0fb2f0903312284cd646fda837409d 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -5556,6 +5556,9 @@ ip_hdr_expr               :       IP      ip_hdr_field    close_scope_ip
                                        erec_queue(error(&@1, "unknown ip option type/field"), state->msgs);
                                        YYERROR;
                                }
+
+                               if ($4 == IPOPT_FIELD_TYPE)
+                                       $$->exthdr.flags = NFT_EXTHDR_F_PRESENT;
                        }
                        |       IP      OPTION  ip_option_type close_scope_ip
                        {