From: Alvaro Neira Ayuso <alvaroneay@gmail.com>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [nft PATCH 4/5 v2] src: fix byteorder conversions in range values
Date: Mon, 4 Aug 2014 18:00:10 +0200 [thread overview]
Message-ID: <1407168011-6424-5-git-send-email-alvaroneay@gmail.com> (raw)
In-Reply-To: <1407168011-6424-1-git-send-email-alvaroneay@gmail.com>
Currently when we try to use range values in nft rules doesn't
work correctly. Usually this problem is related to incorrect byteorder
conversion. I make the following solution for showing the range in
the correct byteorder.
Example:
* nft add rule filter input tcp checksum 22-55
* nft list table filter
tcp checksum >= 5632 tcp checksum <= 14080
And now, if we show it:
* nft add rule filter input tcp checksum 22-55
* nft list table filter
tcp checksum >= 22 tcp checksum <= 55
Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
[changes in v2]
* Changed the solution for big endian and host endian cases.
src/netlink_delinearize.c | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 1035e32..af18dcc 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -627,6 +627,17 @@ static void payload_dependency_store(struct rule_pp_ctx *ctx,
ctx->pdep = stmt;
}
+static void payload_elem_postprocess(struct expr *expr)
+{
+ switch (expr->ops->type) {
+ case EXPR_VALUE:
+ expr_switch_byteorder(expr);
+ break;
+ default:
+ break;
+ }
+}
+
static void payload_match_postprocess(struct rule_pp_ctx *ctx,
struct stmt *stmt, struct expr *expr)
{
@@ -677,6 +688,14 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx,
payload_expr_complete(left, &ctx->pctx);
expr_set_type(expr->right, expr->left->dtype,
expr->left->byteorder);
+
+ /* If we have rules that we have used payload with ranges or set
+ * we must to convert it to host endian for representing it
+ * correctly
+ */
+ if (left->dtype->byteorder == BYTEORDER_BIG_ENDIAN)
+ payload_elem_postprocess(expr->right);
+
payload_dependency_kill(ctx, expr->left);
break;
}
--
1.7.10.4
next prev parent reply other threads:[~2014-08-04 16:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-08-04 16:00 [nft PATCH 0/5] Changes in nft byteorder conversions Alvaro Neira Ayuso
2014-08-04 16:00 ` [nft PATCH 1/5] payload: fix update context with wrong byteorder Alvaro Neira Ayuso
2014-08-16 14:17 ` Patrick McHardy
2014-08-04 16:00 ` [nft PATCH 2/5] payload: generate dependency in the correct byteorder Alvaro Neira Ayuso
2014-08-16 14:19 ` Patrick McHardy
2014-08-04 16:00 ` [nft PATCH 3/5 v3] src: fix byteorder conversions in constant values Alvaro Neira Ayuso
2014-08-16 14:45 ` Patrick McHardy
2014-08-04 16:00 ` Alvaro Neira Ayuso [this message]
2014-08-04 16:00 ` [nft PATCH 5/5 v2] src: fix byteorder conversions in sets Alvaro Neira Ayuso
2014-08-04 16:15 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1407168011-6424-5-git-send-email-alvaroneay@gmail.com \
--to=alvaroneay@gmail.com \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).