[nft PATCH] src: add specific byteorder to the struct proto_hdr_template

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



If we try to add a rule like:

nft add rule filter input udp length {55-9999}

nft shows:

BUG: invalid byte order conversion 0 => 2
nft: src/evaluate.c:153: byteorder_conversion_op: Assertion `0' failed.

Some of the existing payload fields rely on BYTEORDER_INVALID. Therefore, if we
try to convert it in evaluation step, we hit this bug.

This patch allows to add a specific byteorder to the struct proto_hdr_template. If
we create a expression with a invalid byteorder, we will use the byteorder
added to the proto_hdr_template structure.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@xxxxxxxxx>
---
[Tested with the rules]
* nft add rule ip filter input ip length 10-55 counter
* nft add rule ip filter input ip length 55-1000 counter
* nft add rule ip filter input udp length {0-100} udp dport 9999 counter
* nft add rule ip filter input udp length {100-9999} udp dport 9999 counter
* Tested with Ana Rey's tests.

 include/proto.h |    5 ++++-
 src/exthdr.c    |    6 +++++-
 src/payload.c   |    2 +-
 src/proto.c     |    6 ++++--
 4 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/include/proto.h b/include/proto.h
index bd3701e..cc1f51f 100644
--- a/include/proto.h
+++ b/include/proto.h
@@ -2,6 +2,7 @@
 #define NFTABLES_PROTO_H
 
 #include <nftables.h>
+#include <datatype.h>
 #include <linux/netfilter/nf_tables.h>
 
 /**
@@ -38,13 +39,15 @@ struct proto_hdr_template {
 	const struct datatype		*dtype;
 	uint16_t			offset;
 	uint16_t			len;
+	enum byteorder			byteorder;
 	enum nft_meta_keys		meta_key;
 };
 
-#define PROTO_HDR_TEMPLATE(__token, __dtype,  __offset, __len)		\
+#define PROTO_HDR_TEMPLATE(__token, __dtype,  __byteorder, __offset, __len)\
 	{								\
 		.token		= (__token),				\
 		.dtype		= (__dtype),				\
+		.byteorder	= (__byteorder),			\
 		.offset		= (__offset),				\
 		.len		= (__len),				\
 	}
diff --git a/src/exthdr.c b/src/exthdr.c
index a619ecc..9ed0b6a 100644
--- a/src/exthdr.c
+++ b/src/exthdr.c
@@ -48,7 +48,7 @@ static const struct expr_ops exthdr_expr_ops = {
 };
 
 static const struct proto_hdr_template exthdr_unknown_template =
-	PROTO_HDR_TEMPLATE("unknown", &invalid_type, 0, 0);
+	PROTO_HDR_TEMPLATE("unknown", &invalid_type, BYTEORDER_INVALID, 0, 0);
 
 struct expr *exthdr_expr_alloc(const struct location *loc,
 			       const struct exthdr_desc *desc,
@@ -102,6 +102,7 @@ void exthdr_init_raw(struct expr *expr, uint8_t type,
 
 #define HDR_TEMPLATE(__name, __dtype, __type, __member)			\
 	PROTO_HDR_TEMPLATE(__name, __dtype,				\
+			   BYTEORDER_BIG_ENDIAN,			\
 			   offsetof(__type, __member) * 8,		\
 			   field_sizeof(__type, __member) * 8)
 
@@ -179,10 +180,13 @@ const struct exthdr_desc exthdr_frag = {
 		[FRAGHDR_NEXTHDR]	= FRAG_FIELD("nexthdr", ip6f_nxt, &inet_protocol_type),
 		[FRAGHDR_RESERVED]	= FRAG_FIELD("reserved", ip6f_reserved, &integer_type),
 		[FRAGHDR_FRAG_OFF]	= PROTO_HDR_TEMPLATE("frag-off", &integer_type,
+							  BYTEORDER_BIG_ENDIAN,
 							  16, 13),
 		[FRAGHDR_RESERVED2]	= PROTO_HDR_TEMPLATE("reserved2", &integer_type,
+							  BYTEORDER_BIG_ENDIAN,
 							  29, 2),
 		[FRAGHDR_MFRAGS]	= PROTO_HDR_TEMPLATE("more-fragments", &integer_type,
+							  BYTEORDER_BIG_ENDIAN,
 							  31, 1),
 		[FRAGHDR_ID]		= FRAG_FIELD("id", ip6f_ident, &integer_type),
 	},
diff --git a/src/payload.c b/src/payload.c
index 7297520..a3bbe51 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -117,7 +117,7 @@ struct expr *payload_expr_alloc(const struct location *loc,
 	}
 
 	expr = expr_alloc(loc, &payload_expr_ops, tmpl->dtype,
-			  tmpl->dtype->byteorder, tmpl->len);
+			  tmpl->byteorder, tmpl->len);
 	expr->flags |= flags;
 
 	expr->payload.desc   = desc;
diff --git a/src/proto.c b/src/proto.c
index 15a456a..4f22d40 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -38,7 +38,7 @@ const char *proto_base_tokens[] = {
 };
 
 const struct proto_hdr_template proto_unknown_template =
-	PROTO_HDR_TEMPLATE("unknown", &invalid_type, 0, 0);
+	PROTO_HDR_TEMPLATE("unknown", &invalid_type, BYTEORDER_INVALID, 0, 0);
 
 const struct proto_desc proto_unknown = {
 	.name		= "unknown",
@@ -186,13 +186,15 @@ void proto_ctx_update(struct proto_ctx *ctx, enum proto_bases base,
 
 #define HDR_TEMPLATE(__name, __dtype, __type, __member)			\
 	PROTO_HDR_TEMPLATE(__name, __dtype,				\
+			   BYTEORDER_BIG_ENDIAN,			\
 			   offsetof(__type, __member) * 8,		\
 			   field_sizeof(__type, __member) * 8)
 
 #define HDR_FIELD(__name, __struct, __member)				\
 	HDR_TEMPLATE(__name, &integer_type, __struct, __member)
 #define HDR_BITFIELD(__name, __dtype,  __offset, __len)			\
-	PROTO_HDR_TEMPLATE(__name, __dtype, __offset, __len)
+	PROTO_HDR_TEMPLATE(__name, __dtype, BYTEORDER_BIG_ENDIAN,	\
+			   __offset, __len)
 #define HDR_TYPE(__name, __dtype, __struct, __member)			\
 	HDR_TEMPLATE(__name, __dtype, __struct, __member)
 
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html




[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux