On Fri, Jul 11, 2014 at 10:44:14AM +0200, Alvaro Neira Ayuso wrote:
> From: Álvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
>
> In all case that we have added a payload dependency, we have supposed
> that the byteorder must to be BYTEORDER_HOST_ENDIAN, the problem is
> when we want to add a dependency that the value has another byteorder.
> For example, if we try to add a new payload dependency in a bridge table
> and we use ether type, the byteorder is BYTEORDER_BIG_ENDIAN. The value
> of the type ip is 0x0800 in ether but when we add the payload dependency
> for this specific protocol, we will have a payload like this:
>
> [ payload load 2b @ link header + 12 => reg 1 ]
> [ cmp eq reg 1 0x00000008 ]
>
> This patch allows to create payload dependency with the byteorder of the
> template. For that I have updated the function for updating the context for
> using the byteorder of the template too. With this changes we have a payload
> with the correct format:
>
> [ payload load 2b @ link header + 12 => reg 1 ]
> [ cmp eq reg 1 0x00000800 ]
>
> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
> ---
> [tested with the rules]
>
> nft add rule filter input ip protocol tcp counter
> nft add rule filter input ip protocol udp counter
> nft add rule filter input tcp dport 22 counter
>
> src/payload.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/src/payload.c b/src/payload.c
> index a1785a5..fb78ba5 100644
> --- a/src/payload.c
> +++ b/src/payload.c
> @@ -69,13 +69,18 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
> {
> const struct expr *left = expr->left, *right = expr->right;
> const struct proto_desc *base, *desc;
> + const struct proto_hdr_template *tmpl;
> + uint32_t value = 0;
^^^^
This initialization seems unnecessary.
> if (!(left->flags & EXPR_F_PROTOCOL))
> return;
>
> assert(expr->op == OP_EQ);
> base = ctx->protocol[left->payload.base].desc;
> - desc = proto_find_upper(base, mpz_get_uint32(right->value));
> + tmpl = &base->templates[base->protocol_key];
> + mpz_export_data(&value, right->value, tmpl->dtype->byteorder,
> + div_round_up(tmpl->len, BITS_PER_BYTE));
> + desc = proto_find_upper(base, value);
>
> proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc);
> }
> @@ -208,7 +213,7 @@ int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
> left = payload_expr_alloc(&expr->location, desc, desc->protocol_key);
>
> right = constant_expr_alloc(&expr->location, tmpl->dtype,
> - BYTEORDER_HOST_ENDIAN,
> + tmpl->dtype->byteorder,
> tmpl->len,
> constant_data_ptr(protocol, tmpl->len));
>
> --
> 1.7.10.4
>
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
