* [nft PATCH 2/2] payload: fix update context with wrong byteorder
@ 2014-07-17 17:27 Alvaro Neira Ayuso
From: Alvaro Neira Ayuso @ 2014-07-17 17:27 UTC
To: netfilter-devel; +Cc: kaber
In the evaluation step and delinearize step, we update the protocol
context. When we update the context, we expect that the expressions
are in host endian but the expressions are in big endian from these
two steps.

To fix this, we do the correct byteorder conversion for finding the
protocol number for updating the context. Example:

nft add rule bridge filter input ether type ip

We have an expression like this:

[ payload load 2b @ link header + 12 => reg 1 ]
[ cmp eq reg 1 0x00000008 ]

The byteorder of these expressions is big endian and it's in
host endian, for that when we try to update the context, we
don't find the protocol with this number. This is an output
example:

update network layer protocol context:
link layer : ether
network layer : none <-
transport layer : none

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
[Tested with the rules]
* nft add rule filter input ip protocol tcp counter
* nft add rule filter input tcp dport 22 counter
* nft add rule filter bridge input ether type ip
src/payload.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/payload.c b/src/payload.c
index 432ce44..8b10a79 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -69,13 +69,18 @@ static void payload_expr_pctx_update(struct proto_ctx *ctx,
{
const struct expr *left = expr->left, *right = expr->right;
const struct proto_desc *base, *desc;
+ const struct proto_hdr_template *tmpl;
+ uint32_t value = 0;
if (!(left->flags & EXPR_F_PROTOCOL))
return;
assert(expr->op == OP_EQ);
base = ctx->protocol[left->payload.base].desc;
- desc = proto_find_upper(base, mpz_get_uint32(right->value));
+ tmpl = left->payload.tmpl;
+ mpz_export_data(&value, right->value, tmpl->dtype->byteorder,
+ div_round_up(tmpl->len, BITS_PER_BYTE));
+ desc = proto_find_upper(base, value);
proto_ctx_update(ctx, left->payload.base + 1, &expr->location, desc);
}
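Review bot: the mpz_export_data() call writes div_round_up(tmpl->len, BITS_PER_BYTE) bytes into the 4-byte local `value`, and nothing in this hunk bounds that length, so a protocol field template longer than 32 bits would write past the variable on the stack. Suggest asserting the length before the export, for example `assert(div_round_up(tmpl->len, BITS_PER_BYTE) <= sizeof(value));`, next to the existing `assert(expr->op == OP_EQ);`. Separately, for fields shorter than four bytes the exported bytes fill only part of `value`, which is then passed to proto_find_upper() as a whole uint32_t; a short comment stating which representation proto_find_upper() expects would make it clear the lookup gives the same result on little-endian and big-endian hosts. It would also help to list a big-endian host in the test notes, since all three tested rules read the same on one architecture.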
--
1.7.10.4