[PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: davem@davemloft.net, netdev@vger.kernel.org, kuba@kernel.org,
	pabeni@redhat.com, edumazet@google.com
Subject: [PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset
Date: Wed, 26 Oct 2022 15:22:21 +0200	[thread overview]
Message-ID: <20221026132227.3287-5-pablo@netfilter.org> (raw)
In-Reply-To: <20221026132227.3287-1-pablo@netfilter.org>

Parse GRE v0 packets to properly set up inner offset, this allow for
matching on inner headers.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 net/netfilter/nft_payload.c | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)

diff --git a/net/netfilter/nft_payload.c b/net/netfilter/nft_payload.c
index 07621d509a68..03a1f271bf4f 100644
--- a/net/netfilter/nft_payload.c
+++ b/net/netfilter/nft_payload.c
@@ -19,6 +19,7 @@
 /* For layer 4 checksum field offset. */
 #include <linux/tcp.h>
 #include <linux/udp.h>
+#include <net/gre.h>
 #include <linux/icmpv6.h>
 #include <linux/ip.h>
 #include <linux/ipv6.h>
@@ -100,6 +101,37 @@ static int __nft_payload_inner_offset(struct nft_pktinfo *pkt)
 		pkt->inneroff = thoff + __tcp_hdrlen(th);
 		}
 		break;
+	case IPPROTO_GRE: {
+		u32 offset = sizeof(struct gre_base_hdr), version;
+		struct gre_base_hdr *gre, _gre;
+
+		gre = skb_header_pointer(pkt->skb, thoff, sizeof(_gre), &_gre);
+		if (!gre)
+			return -1;
+
+		version = gre->flags & GRE_VERSION;
+		switch (version) {
+		case GRE_VERSION_0:
+			if (gre->flags & GRE_ROUTING)
+				return -1;
+
+			if (gre->flags & GRE_CSUM) {
+				offset += sizeof_field(struct gre_full_hdr, csum) +
+					  sizeof_field(struct gre_full_hdr, reserved1);
+			}
+			if (gre->flags & GRE_KEY)
+				offset += sizeof_field(struct gre_full_hdr, key);
+
+			if (gre->flags & GRE_SEQ)
+				offset += sizeof_field(struct gre_full_hdr, seq);
+			break;
+		default:
+			return -1;
+		}
+
+		pkt->inneroff = thoff + offset;
+		}
+		break;
 	default:
 		return -1;
 	}
-- 
2.30.2

next prev parent reply	other threads:[~2022-10-26 13:23 UTC|newest]

Thread overview: 13+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-10-26 13:22 [PATCH net-next 00/10] Netfilter updates for net-next Pablo Neira Ayuso
2022-10-26 13:22 ` [PATCH net-next 01/10] netfilter: nft_payload: move struct nft_payload_set definition where it belongs Pablo Neira Ayuso
2022-10-28  4:10   ` patchwork-bot+netdevbpf
2022-10-26 13:22 ` [PATCH net-next 02/10] netfilter: nf_tables: reduce nft_pktinfo by 8 bytes Pablo Neira Ayuso
2022-10-26 13:22 ` [PATCH net-next 03/10] netfilter: nft_objref: make it builtin Pablo Neira Ayuso
2022-10-26 13:22 ` Pablo Neira Ayuso [this message]
2022-10-28  3:35   ` [PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset Jakub Kicinski
2022-10-26 13:22 ` [PATCH net-next 05/10] netfilter: nft_payload: access ipip payload for " Pablo Neira Ayuso
2022-10-26 13:22 ` [PATCH net-next 06/10] netfilter: nft_inner: support for inner tunnel header matching Pablo Neira Ayuso
2022-10-26 13:22 ` [PATCH net-next 07/10] netfilter: nft_inner: add percpu inner context Pablo Neira Ayuso
2022-10-26 13:22 ` [PATCH net-next 08/10] netfilter: nft_meta: add inner match support Pablo Neira Ayuso
2022-10-26 13:22 ` [PATCH net-next 09/10] netfilter: nft_inner: add geneve support Pablo Neira Ayuso
2022-10-26 13:22 ` [PATCH net-next 10/10] netfilter: nft_inner: set tunnel offset to GRE header offset Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:07621d509a6 dfblob:03a1f271bf4 )
 OR (
bs:"[PATCH net-next 04/10] netfilter: nft_payload: access GRE payload via inner offset" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20221026132227.3287-5-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=davem@davemloft.net \
    --cc=edumazet@google.com \
    --cc=kuba@kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pabeni@redhat.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.