From: Álvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
In all case that we have added a payload dependency, we have supposed
that the byteorder must to be BYTEORDER_HOST_ENDIAN, the problem is
when we want to add a dependency that the value has another byteorder.
For example, if we try to add a new payload dependency in a bridge table
and we use ether type, the byteorder is BYTEORDER_BIG_ENDIAN. The value
of the type ip is 0x0800 in ether but when we add the payload dependency
for this specific protocol, we will have a payload like this:
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
This patch allows to create payload dependency with the byteorder of the
template. For that I have updated the function for updating the context for
using the byteorder of the template too. With this changes we have a payload
with the correct format:
[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000800 ]
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
---
[tested with the rules]
nft add rule filter input ip protocol tcp counter
nft add rule filter input ip protocol udp counter
nft add rule filter input tcp dport 22 counter
src/payload.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/payload.c b/src/payload.c
index a1785a5..fb78ba5 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -69,13 +69,18 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
{
const struct expr *left = expr->left, *right = expr->right;
const struct proto_desc *base, *desc;
+ const struct proto_hdr_template *tmpl;
+ uint32_t value = 0;
if (!(left->flags & EXPR_F_PROTOCOL))
return;
assert(expr->op == OP_EQ);
base = ctx->protocol[left->payload.base].desc;
- desc = proto_find_upper(base, mpz_get_uint32(right->value));
+ tmpl = &base->templates[base->protocol_key];
+ mpz_export_data(&value, right->value, tmpl->dtype->byteorder,
+ div_round_up(tmpl->len, BITS_PER_BYTE));
+ desc = proto_find_upper(base, value);
proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc);
}
@@ -208,7 +213,7 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
left = payload_expr_alloc(&expr->location, desc, desc->protocol_key);
right = constant_expr_alloc(&expr->location, tmpl->dtype,
- BYTEORDER_HOST_ENDIAN,
+ tmpl->dtype->byteorder,
tmpl->len,
constant_data_ptr(protocol, tmpl->len));
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
