From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org, Yi Chen <yiche@redhat.com>
Subject: Re: [nft PATCH] fib: Fix for existence check on Big Endian
Date: Wed, 10 Sep 2025 00:48:46 +0200 [thread overview]
Message-ID: <aMCuzr9SaA--RG3f@orbyte.nwl.cc> (raw)
In-Reply-To: <aMCdSDWhxCJM_kjY@calendula>
Hi Pablo,
On Tue, Sep 09, 2025 at 11:34:00PM +0200, Pablo Neira Ayuso wrote:
> On Tue, Sep 09, 2025 at 10:49:48PM +0200, Phil Sutter wrote:
> > Adjust the expression size to 1B so cmp expression value is correct.
> > Without this, the rule 'fib saddr . iif check exists' generates
> > following byte code on BE:
> >
> > | [ fib saddr . iif oif present => reg 1 ]
> > | [ cmp eq reg 1 0x00000001 ]
> >
> > Though with NFTA_FIB_F_PRESENT flag set, nft_fib.ko writes to the first
> > byte of reg 1 only (using nft_reg_store8()). With this patch in place,
> > byte code is correct:
> >
> > | [ fib saddr . iif oif present => reg 1 ]
> > | [ cmp eq reg 1 0x01000000 ]
>
> Is this a generic issue of boolean that is using 1 bit?
>
> const struct datatype boolean_type = {
> .type = TYPE_BOOLEAN,
> .name = "boolean",
> .desc = "boolean type",
> .size = 1,
Maybe, yes: I compared fib existence checks to exthdr ones in order to
find the bug. With exthdr, we know in parser already that it is an
existence check (see exthdr_exists_expr rule in parser_bison.y). If so,
exthdr expression is allocated with type 1 which is (assumed to be) the
NEXTHDR field in all extension headers. This field has
inet_protocol_type, which is size 8b.
Via expr_ctx::len, RHS will then be adjusted to 8b size (see 'expr->len =
masklen' in expr_evaluate_integer()).
IIRC, LHS defines the RHS size in relationals. I am not sure if we may
sanely reverse this rule if RHS is a boolean_type.
Cheers, Phil
next prev parent reply other threads:[~2025-09-09 22:48 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-09-09 20:49 [nft PATCH] fib: Fix for existence check on Big Endian Phil Sutter
2025-09-09 21:34 ` Pablo Neira Ayuso
2025-09-09 22:48 ` Phil Sutter [this message]
2025-09-11 8:14 ` Pablo Neira Ayuso
2025-09-11 10:19 ` Phil Sutter
2025-09-11 14:20 ` Pablo Neira Ayuso
2025-09-11 16:17 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=aMCuzr9SaA--RG3f@orbyte.nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=yiche@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.