From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH 08/12] netlink: cmp: shift rhs constant if lhs offset doesn't start on byte boundary
Date: Sun, 16 Aug 2015 21:05:51 +0200 [thread overview]
Message-ID: <1439751955-31190-9-git-send-email-fw@strlen.de> (raw)
In-Reply-To: <1439751955-31190-1-git-send-email-fw@strlen.de>
if we have payload(someoffset) == 42, then shift 42 in case someoffset
doesn't start on a byte boundary.
We already insert a mask instruction to only load those bits into
the register that we were interested in, but the cmp will fail without
also adjusting rhs accordingly.
Needs additional patch in reverse direction to undo the shift again
when dumping ruleset.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/netlink_linearize.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 0467872..044bac8 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -278,6 +278,15 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg);
+static void payload_shift_value(const struct expr *left, struct expr *right)
+{
+ if (right->ops->type != EXPR_VALUE ||
+ left->ops->type != EXPR_PAYLOAD)
+ return;
+
+ mpz_lshift_ui(right->value, left->payload.offset % BITS_PER_BYTE);
+}
+
static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
@@ -326,6 +335,7 @@ static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx,
netlink_put_register(nle, NFT_EXPR_CMP_SREG, sreg);
nft_rule_expr_set_u32(nle, NFT_EXPR_CMP_OP,
netlink_gen_cmp_op(expr->op));
+ payload_shift_value(expr->left, right);
netlink_gen_data(right, &nld);
nft_rule_expr_set(nle, NFT_EXPR_CMP_DATA, nld.value, nld.len);
release_register(ctx, expr->left);
--
2.0.5
next prev parent reply other threads:[~2015-08-16 19:06 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-08-16 19:05 [PATCH nft 0/12] add support for VLAN header filtering in bridge family Florian Westphal
2015-08-16 19:05 ` [PATCH 01/12] tests: use the src/nft binary instead of $PATH one Florian Westphal
2015-08-16 19:05 ` [PATCH 02/12] tests: add 'awkward' prefix match expression Florian Westphal
2015-08-16 19:05 ` [PATCH 03/12] nft: allow stacking vlan header on top of ethernet Florian Westphal
2015-08-16 19:05 ` [PATCH 04/12] payload: disable payload merge if offsets are not on byte boundary Florian Westphal
2015-08-16 19:05 ` [PATCH 05/12] src: netlink_linearize: handle sub-byte lengths Florian Westphal
2015-08-16 19:05 ` [PATCH 06/12] src: netlink: don't truncate set key lengths Florian Westphal
2015-08-16 19:05 ` [PATCH 07/12] nft: fill in doff and fix ihl/version template entries Florian Westphal
2015-08-16 19:05 ` Florian Westphal [this message]
2015-08-16 19:05 ` [PATCH 09/12] tests: add tests for ip version/hdrlength/tcp doff Florian Westphal
2015-08-16 19:05 ` [PATCH 10/12] nft: support listing expressions that use non-byte header fields Florian Westphal
2015-08-16 19:05 ` [PATCH 11/12] tests: vlan tests Florian Westphal
2015-08-16 19:05 ` [PATCH 12/13] vlan: make != tests work Florian Westphal
2015-08-23 21:24 ` [PATCH nft 0/12] add support for VLAN header filtering in bridge family Florian Westphal
2015-09-21 14:18 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1439751955-31190-9-git-send-email-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).