On 24.11, Florian Westphal wrote:
> +static int
> +print_th(const struct nftnl_trace *t, char *buf, size_t size)
> +{
> + uint8_t proto = nftnl_trace_get_u8(t, NFTNL_TRACE_TRANSPORT_PROTO);
> + int ret, len = size, offset = 0;
> + const struct udphdr *uh;
> + uint32_t plen;
> +
> + ret = snprintf(buf+offset, len, " protocol %u", proto);
> +
> + SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> +
> + switch (proto) {
> + case IPPROTO_DCCP:
> + case IPPROTO_SCTP:
> + case IPPROTO_TCP:
> + case IPPROTO_UDP:
> + case IPPROTO_UDPLITE:
> + break;
> + default:
> + return 0;
> + }
> +
> + /* warning: only sport/dport are valid */
> + uh = nftnl_trace_get_data(t, NFTNL_TRACE_TRANSPORT_HEADER, &plen);
> + if (!uh)
> + return 0;
> +
> + ret = snprintf(buf+offset, len, " sport %"PRIu16 " dport %"PRIu16,
> + ntohs(uh->uh_sport), ntohs(uh->uh_dport));
> +
> + SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> + return offset;
> +}
> + ...
Regarding this header decoding, a further upside of using nft would be that
we can already fully decode all known headers based on our protocol descriptions
in a generic fashion.
Basically we just splice off data from the beginning and feed it to payload
expression decoding. That should result in a full decode of every protocol
we support. Every improvement we will make there will automatically apply to
decoding, like (I talked to Pablo about this for a couple of times) supporing
encapsulated headers, like GRE/IPIP/... + inner headers.
Hope I can convince you of the upsides :)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
