netfilter: nft_payload: access ipip payload for inner offset

ipip is an special case, transport and inner header offset are set to
the same offset to use the upcoming inner expression for matching on
inner tunnel headers.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index 03a1f27..84b490d 100644 (file)
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -132,6 +132,9 @@ static int __nft_payload_inner_offset(struct nft_pktinfo *pkt)
                pkt->inneroff = thoff + offset;
                }
                break;
+       case IPPROTO_IPIP:
+               pkt->inneroff = thoff;
+               break;
        default:
                return -1;
        }