On 24.11, Patrick McHardy wrote:
> On 24.11, Florian Westphal wrote:
> > +static int
> > +print_th(const struct nftnl_trace *t, char *buf, size_t size)
> > +{
> > + uint8_t proto = nftnl_trace_get_u8(t, NFTNL_TRACE_TRANSPORT_PROTO);
> > + int ret, len = size, offset = 0;
> > + const struct udphdr *uh;
> > + uint32_t plen;
> > +
> > + ret = snprintf(buf+offset, len, " protocol %u", proto);
> > +
> > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> > +
> > + switch (proto) {
> > + case IPPROTO_DCCP:
> > + case IPPROTO_SCTP:
> > + case IPPROTO_TCP:
> > + case IPPROTO_UDP:
> > + case IPPROTO_UDPLITE:
> > + break;
> > + default:
> > + return 0;
> > + }
> > +
> > + /* warning: only sport/dport are valid */
> > + uh = nftnl_trace_get_data(t, NFTNL_TRACE_TRANSPORT_HEADER, &plen);
> > + if (!uh)
> > + return 0;
> > +
> > + ret = snprintf(buf+offset, len, " sport %"PRIu16 " dport %"PRIu16,
> > + ntohs(uh->uh_sport), ntohs(uh->uh_dport));
> > +
> > + SNPRINTF_BUFFER_SIZE(ret, size, len, offset);
> > + return offset;
> > +}
> > + ...
>
> Regarding this header decoding, a further upside of using nft would be that
> we can already fully decode all known headers based on our protocol descriptions
> in a generic fashion.
>
> Basically we just splice off data from the beginning and feed it to payload
> expression decoding. That should result in a full decode of every protocol
> we support. Every improvement we will make there will automatically apply to
> decoding, like (I talked to Pablo about this for a couple of times) supporing
> encapsulated headers, like GRE/IPIP/... + inner headers.
>
> Hope I can convince you of the upsides :)
I'm giving this a shot right now. Will let you know the result.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
