From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 03/10] netlink: add and use netlink_gen_exthdr_mask
Date: Tue, 1 Mar 2016 16:37:43 +0100
Message-ID: <1456846670-28179-4-git-send-email-fw@strlen.de>
In-Reply-To: <1456846670-28179-1-git-send-email-fw@strlen.de>

rule ip6 filter input frag frag-off 33

before patch:
[ exthdr load 1b @ 44 + 2 => reg 1 ]
[ cmp eq reg 1 0x00002100 ]

We truncated 13bit field to 1 byte.

after patch:
[ exthdr load 2b @ 44 + 2 => reg 1 ]
[ bitwise reg 1 = (reg=1 & 0x0000f8ff ) ^ 0x00000000 ]
[ cmp eq reg 1 0x00000801 ]

- ask for 2 bytes
- mask out the 3 lower bits
- shift the value by 3 so equality test will pass for 33

This causes test failures, will be fixed up in a later patch
(the test suite expects the old, broken input).

It also misses the reverse translation to remove the binop,
find the right template and undo the shift of the value.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/netlink_linearize.c | 27 ++++++++++++++++++++++++---
1 file changed, 24 insertions(+), 3 deletions(-)
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 7715a28..7ff3b00 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -181,6 +181,18 @@ static void netlink_gen_payload(struct netlink_linearize_ctx *ctx,
netlink_gen_payload_mask(ctx, expr, dreg);
}
+static void netlink_gen_exthdr_mask(struct netlink_linearize_ctx *ctx,
+ const struct expr *expr,
+ enum nft_registers dreg)
+{
+ unsigned int shift, offset;
+
+ offset = expr->exthdr.tmpl->offset % BITS_PER_BYTE;
+ shift = payload_shift_calc(expr, offset);
+ if (shift || offset)
+ netlink_gen_mask(ctx, expr, shift, dreg);
+}
+
static void netlink_gen_exthdr(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
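Review bot: netlink_gen_exthdr_mask() has no comment explaining its two decisions: the offset handed to payload_shift_calc() is expr->exthdr.tmpl->offset reduced modulo BITS_PER_BYTE, and the `if (shift || offset)` test emits a mask even when only the offset is non-zero. A short comment above the function saying that it handles extension header fields that do not start or end on a byte boundary, and why a non-zero offset alone needs the bitwise expression, would help the next reader. Since the commit message says the reverse translation is still missing, a TODO noting that here would also be useful.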
@@ -194,8 +206,10 @@ static void netlink_gen_exthdr(struct netlink_linearize_ctx *ctx,
nftnl_expr_set_u32(nle, NFTNL_EXPR_EXTHDR_OFFSET,
expr->exthdr.tmpl->offset / BITS_PER_BYTE);
nftnl_expr_set_u32(nle, NFTNL_EXPR_EXTHDR_LEN,
- expr->len / BITS_PER_BYTE);
+ div_round_up(expr->len, BITS_PER_BYTE));
nftnl_rule_add_expr(ctx->nlr, nle);
+
+ netlink_gen_exthdr_mask(ctx, expr, dreg);
}
static void netlink_gen_meta(struct netlink_linearize_ctx *ctx,
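Review bot: the NFTNL_EXPR_EXTHDR_LEN argument rounds up expr->len alone, while NFTNL_EXPR_EXTHDR_OFFSET discards the bit offset inside the first byte. A field that starts mid-byte and crosses a byte boundary would load one byte too few: a field at bit offset 4 with length 8 spans two bytes, but div_round_up(8, BITS_PER_BYTE) is 1. If any exthdr template has such a field, consider div_round_up(expr->exthdr.tmpl->offset % BITS_PER_BYTE + expr->len, BITS_PER_BYTE); if none does, a comment stating that templates are assumed to start on a byte boundary would make the assumption visible.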
@@ -306,10 +320,17 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx,
static void payload_shift_value(const struct expr *left, struct expr *right)
{
- if (right->ops->type != EXPR_VALUE ||
- left->ops->type != EXPR_PAYLOAD)
+ if (right->ops->type != EXPR_VALUE)
return;
+ switch (left->ops->type) {
+ case EXPR_PAYLOAD:
+ case EXPR_EXTHDR:
+ break;
+ default:
+ return;
+ }
+
mpz_lshift_ui(right->value,
payload_shift_calc(left, left->payload.offset));
}
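Review bot: payload_shift_value() now lets EXPR_EXTHDR through the switch, but the shift below it is still computed from left->payload.offset, whereas netlink_gen_exthdr_mask() earlier in this patch takes the offset from expr->exthdr.tmpl->offset % BITS_PER_BYTE. For an exthdr expression both call sites should hand the same offset to payload_shift_calc(), otherwise the mask and the shifted comparison value can disagree. Suggest picking the offset inside the switch (left->payload.offset for EXPR_PAYLOAD, left->exthdr.tmpl->offset % BITS_PER_BYTE for EXPR_EXTHDR) and passing that variable to payload_shift_calc(). The function name also no longer says that it covers both expression types.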
--
2.4.10
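
The mask and comparison words in the "after patch" dump can be re-derived by hand. The following is an added example, not part of the patch and not nftables code: the helper names are hypothetical, the register is rendered the way a little-endian host prints it (an assumption that reproduces the dump above), and frag-off is taken to start at bit 0 of the two loaded bytes.

```c
#include <stdint.h>
#define BITS_PER_BYTE 8

/* Bytes to load for a field of len bits that starts off bits into a byte. */
static unsigned int field_bytes(unsigned int off, unsigned int len)
{
	return (off + len + BITS_PER_BYTE - 1) / BITS_PER_BYTE;
}

/* Bits left over to the right of the field inside the loaded bytes. */
static unsigned int field_shift(unsigned int off, unsigned int len)
{
	return field_bytes(off, len) * BITS_PER_BYTE - off - len;
}

/* v in network order over n <= 4 bytes, read back as a little-endian host prints it. */
static uint32_t reg_word(uint32_t v, unsigned int n)
{
	uint32_t w = 0;
	for (unsigned int i = 0; i < n; i++)
		w |= ((v >> (BITS_PER_BYTE * (n - 1 - i))) & 0xffu) << (BITS_PER_BYTE * i);
	return w;
}

/* Mask keeping only the field's bits (len < 32), and the comparison operand. */
static uint32_t mask_word(unsigned int off, unsigned int len)
{
	return reg_word(((1u << len) - 1u) << field_shift(off, len), field_bytes(off, len));
}
static uint32_t cmp_word(unsigned int off, unsigned int len, uint32_t value)
{
	return reg_word(value << field_shift(off, len), field_bytes(off, len));
}

/* hdr points at the first wire byte that holds the field. */
static int field_matches(const uint8_t *hdr, unsigned int off, unsigned int len, uint32_t value)
{
	uint32_t reg = 0;
	for (unsigned int i = 0; i < field_bytes(off, len); i++)
		reg |= (uint32_t)hdr[i] << (BITS_PER_BYTE * i);
	return (reg & mask_word(off, len)) == cmp_word(off, len, value);
}

int main(void)
{
	const uint8_t frag33_more[2] = { 0x01, 0x09 }; /* constructed: offset 33, M set */
	return field_matches(frag33_more, 0, 13, 33) ? 0 : 1;
}
```
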
2016-03-01 15:37 [PATCH nft 00/10] nft: exthdr fixes and improvements Florian Westphal
2016-03-01 15:37 ` [PATCH nft 01/10] evaluate: enforce ip6 proto with exthdr expression Florian Westphal
2016-03-01 15:37 ` [PATCH nft 02/10] netlink: split generic part of netlink_gen_payload_mask into helper Florian Westphal
2016-03-01 15:37 ` Florian Westphal [this message]
2016-03-01 15:37 ` [PATCH nft 04/10] payload: move payload_gen_dependency generic part to helper Florian Westphal
2016-03-01 15:37 ` [PATCH nft 05/10] exthdr: generate dependencies for inet/bridge/netdev family Florian Westphal
2016-03-01 15:37 ` [PATCH nft 06/10] tests: add/fix inet+exthdr tests Florian Westphal
2016-03-01 15:37 ` [PATCH nft 07/10] exthdr: remove implicit dependencies Florian Westphal
2016-03-01 15:37 ` [PATCH nft 08/10] exthdr: store offset for later use Florian Westphal
2016-03-01 15:37 ` [PATCH nft 09/10] netlink_delinearize: prepare binop_postprocess for exthdr demux Florian Westphal
2016-03-01 15:37 ` [PATCH nft 10/10] netlink_delinearize: handle extension header templates with odd sizes Florian Westphal
2016-03-02 12:00 ` [PATCH nft 00/10] nft: exthdr fixes and improvements Pablo Neira Ayuso