Re: [PATCH nft 1/3] parser: fix parsing of ethernet protocol types

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft 1/3] parser: fix parsing of ethernet protocol types
Date: Thu, 16 Jan 2014 16:28:16 +0000	[thread overview]
Message-ID: <20140116162816.GA4111@macbook.localnet> (raw)
In-Reply-To: <1389817823-7251-1-git-send-email-pablo@netfilter.org>

On Wed, Jan 15, 2014 at 09:30:21PM +0100, Pablo Neira Ayuso wrote:
> This allows us to use the protocol type keyword, eg.
> 
> nft add rule ip filter output meta protocol ip6 counte
>                                             ^^^

I see two problems with this patch:

- the mapping to ETH_P_* is fixed. In case of f.i. meta nfproto relational
  expression it would have to map to NFPROTO_* values. So I think we should
  use symbolic expressions instead of constants and leave parsing to the
  evaluation phase-

- we're still using a mix of ip6 and ipv6. Lets also fix that, ideally
  as a patch before this one.

I can take care of this if you like.


> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
>  src/parser.y |   29 +++++++++++++++++++++++++++++
>  1 file changed, 29 insertions(+)
> 
> diff --git a/src/parser.y b/src/parser.y
> index 038282e..23662f7 100644
> --- a/src/parser.y
> +++ b/src/parser.y
> @@ -23,6 +23,7 @@
>  #include <expression.h>
>  #include <utils.h>
>  #include <parser.h>
> +#include <if_ether.h>
>  #include <erec.h>
>  
>  #include "parser.h"
> @@ -1418,6 +1419,13 @@ vlan_hdr_expr		:	VLAN	vlan_hdr_field
>  			{
>  				$$ = payload_expr_alloc(&@$, &payload_vlan, $2);
>  			}
> +			|	VLAN
> +			{
> +				uint16_t data = ETH_P_8021Q;
> +				$$ = constant_expr_alloc(&@$, &ethertype_type,
> +							 BYTEORDER_HOST_ENDIAN,
> +							 sizeof(data) * BITS_PER_BYTE, &data);
> +			}
>  			;
>  
>  vlan_hdr_field		:	ID		{ $$ = VLANHDR_VID; }
> @@ -1430,6 +1438,13 @@ arp_hdr_expr		:	ARP	arp_hdr_field
>  			{
>  				$$ = payload_expr_alloc(&@$, &payload_arp, $2);
>  			}
> +			|	ARP
> +			{
> +				uint16_t data = ETH_P_ARP;
> +				$$ = constant_expr_alloc(&@$, &ethertype_type,
> +							 BYTEORDER_HOST_ENDIAN,
> +							 sizeof(data) * BITS_PER_BYTE, &data);
> +			}
>  			;
>  
>  arp_hdr_field		:	HTYPE		{ $$ = ARPHDR_HRD; }
> @@ -1443,6 +1458,13 @@ ip_hdr_expr		:	IP	ip_hdr_field
>  			{
>  				$$ = payload_expr_alloc(&@$, &payload_ip, $2);
>  			}
> +			|	IP
> +			{
> +				uint16_t data = ETH_P_IP;
> +				$$ = constant_expr_alloc(&@$, &ethertype_type,
> +							 BYTEORDER_HOST_ENDIAN,
> +							 sizeof(data) * BITS_PER_BYTE, &data);
> +			}
>  			;
>  
>  ip_hdr_field		:	VERSION		{ $$ = IPHDR_VERSION; }
> @@ -1484,6 +1506,13 @@ ip6_hdr_expr		:	IP6	ip6_hdr_field
>  			{
>  				$$ = payload_expr_alloc(&@$, &payload_ip6, $2);
>  			}
> +			|	IP6
> +			{
> +				uint16_t data = ETH_P_IPV6;
> +				$$ = constant_expr_alloc(&@$, &ethertype_type,
> +							 BYTEORDER_HOST_ENDIAN,
> +							 sizeof(data) * BITS_PER_BYTE, &data);
> +			}
>  			;
>  
>  ip6_hdr_field		:	VERSION		{ $$ = IP6HDR_VERSION; }
> -- 
> 1.7.10.4
> 
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

next prev parent reply	other threads:[~2014-01-16 16:28 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-01-15 20:30 [PATCH nft 1/3] parser: fix parsing of ethernet protocol types Pablo Neira Ayuso
2014-01-15 20:30 ` [PATCH nft 2/3] payload: fix crash when wrong ethernet protocol type is used Pablo Neira Ayuso
2014-01-16 16:29   ` Patrick McHardy
2014-01-15 20:30 ` [PATCH nft 3/3] payload: fix inconsistency in ethertype output Pablo Neira Ayuso
2014-01-16 16:32   ` Patrick McHardy
2014-01-16 16:28 ` Patrick McHardy [this message]
2014-01-16 16:49   ` [PATCH nft 1/3] parser: fix parsing of ethernet protocol types Pablo Neira Ayuso
2014-01-16 16:51     ` Patrick McHardy

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20140116162816.GA4111@macbook.localnet \
    --to=kaber@trash.net \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).