netfilter: nft_payload: support for inner header matching / mangling

[ Upstream commit c46b38dc8743535e686b911d253a844f0bd50ead ] Allow to match and mangle on inner headers / payload data after the transport header. There is a new field in the pktinfo structure that stores the inner header offset which is calculated only when requested. Only TCP and UDP supported at this stage. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Sasha Levin <sashal@kernel.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2021-10-28 23:15:00 +0300
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2022-07-12 17:34:55 +0300
commit: 5445819e76a6fbcb9a848efd5569ea27e547f6ab (patch)
tree: fd7621e98c1c33a4ae9f5053989965d45e834392 /include/uapi/linux
parent: 0d9bd7e6ac3af627df314b0800b778b7912576b7 (diff)
download: linux-5445819e76a6fbcb9a848efd5569ea27e547f6ab.tar.xz
1 files changed, 2 insertions, 0 deletions
diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h
index e94d1fa554cb..07871c8a0601 100644
--- a/include/uapi/linux/netfilter/nf_tables.h
+++ b/include/uapi/linux/netfilter/nf_tables.h
@@ -753,11 +753,13 @@ enum nft_dynset_attributes {
  * @NFT_PAYLOAD_LL_HEADER: link layer header
  * @NFT_PAYLOAD_NETWORK_HEADER: network header
  * @NFT_PAYLOAD_TRANSPORT_HEADER: transport header
+ * @NFT_PAYLOAD_INNER_HEADER: inner header / payload
  */
 enum nft_payload_bases {
 	NFT_PAYLOAD_LL_HEADER,
 	NFT_PAYLOAD_NETWORK_HEADER,
 	NFT_PAYLOAD_TRANSPORT_HEADER,
+	NFT_PAYLOAD_INNER_HEADER,
 };
 
 /**
author	Pablo Neira Ayuso <pablo@netfilter.org>	2021-10-28 23:15:00 +0300
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2022-07-12 17:34:55 +0300
commit	5445819e76a6fbcb9a848efd5569ea27e547f6ab (patch)
tree	fd7621e98c1c33a4ae9f5053989965d45e834392 /include/uapi/linux
parent	0d9bd7e6ac3af627df314b0800b778b7912576b7 (diff)
download	linux-5445819e76a6fbcb9a848efd5569ea27e547f6ab.tar.xz