[PATCH nft 1/3] src: generate set members using integer_type in the appropriate byteorder

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net
Subject: [PATCH nft 1/3] src: generate set members using integer_type in the appropriate byteorder
Date: Mon,  8 Dec 2014 23:24:32 +0100	[thread overview]
Message-ID: <1418077474-6431-1-git-send-email-pablo@netfilter.org> (raw)

Rules with header fields that rely on the generic integer datatype
from sets are not matching, eg.

 nft add rule filter input udp length { 9 } counter

This set member is an integer represented in host byte order, which
obviously doesn't match the header field (in network byte order).

Since the integer datatype has no specific byteorder, we have to rely
on the expression byteorder instead when configuring the context,
before we evaluate the list of set members.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/expression.h |   16 ++++++++++++++--
 src/evaluate.c       |    4 +++-
 2 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/include/expression.h b/include/expression.h
index 59fa5f3..4b96879 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -96,19 +96,31 @@ enum symbol_types {
  * struct expr_ctx - type context for symbol parsing during evaluation
  *
  * @dtype:	expected datatype
+ * @byteorder:	expected byteorder
  * @len:	expected len
  */
 struct expr_ctx {
 	const struct datatype	*dtype;
+	enum byteorder		byteorder;
 	unsigned int		len;
 };
 
+static inline void __expr_set_context(struct expr_ctx *ctx,
+				      const struct datatype *dtype,
+				      enum byteorder byteorder,
+				      unsigned int len)
+{
+	ctx->dtype	= dtype;
+	ctx->byteorder	= byteorder;
+	ctx->len	= len;
+}
+
 static inline void expr_set_context(struct expr_ctx *ctx,
 				    const struct datatype *dtype,
 				    unsigned int len)
 {
-	ctx->dtype = dtype;
-	ctx->len   = len;
+	__expr_set_context(ctx, dtype,
+			   dtype ? dtype->byteorder : BYTEORDER_INVALID, len);
 }
 
 /**
diff --git a/src/evaluate.c b/src/evaluate.c
index 00e55b7..0732660 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -238,6 +238,7 @@ static int expr_evaluate_value(struct eval_ctx *ctx, struct expr **expr)
 			mpz_clear(mask);
 			return -1;
 		}
+		(*expr)->byteorder = ctx->ectx.byteorder;
 		(*expr)->len = ctx->ectx.len;
 		mpz_clear(mask);
 		break;
@@ -261,7 +262,8 @@ static int expr_evaluate_value(struct eval_ctx *ctx, struct expr **expr)
  */
 static int expr_evaluate_primary(struct eval_ctx *ctx, struct expr **expr)
 {
-	expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->len);
+	__expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
+			   (*expr)->len);
 	return 0;
 }
 
-- 
1.7.10.4

next             reply	other threads:[~2014-12-08 22:22 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-12-08 22:24 Pablo Neira Ayuso [this message]
2014-12-08 22:24 ` [PATCH nft 2/3] netlink_delinearize: fix listing of set members in host byteorder using integer_type Pablo Neira Ayuso
2014-12-09  7:53   ` Patrick McHardy
2014-12-09 14:19     ` Pablo Neira Ayuso
2014-12-09 14:25       ` Patrick McHardy
2014-12-08 22:24 ` [PATCH nft 3/3] netlink: fix listing of range set elements in host byteorder Pablo Neira Ayuso

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:59fa5f3 dfblob:4b96879 dfblob:00e55b7 dfblob:0732660 )
 OR (
bs:"[PATCH nft 1/3] src: generate set members using integer_type in the appropriate byteorder" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1418077474-6431-1-git-send-email-pablo@netfilter.org \
    --to=pablo@netfilter.org \
    --cc=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).