[nftables PATCH] src: Add support for adding TOS symbols

[nftables PATCH] src: Add support for adding TOS symbols

[Alvaro Neira Ayuso]

This patch allows to add type of service using symbols not
only with mask.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
 include/datatype.h |    2 ++
 src/proto.c        |   60 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/include/datatype.h b/include/datatype.h
index 2c66e9d..b53358c 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -35,6 +35,7 @@
  * @TYPE_CT_STATUS:	conntrack status (bitmask subtype)
  * @TYPE_ICMP6_TYPE:	ICMPv6 type codes (integer subtype)
  * @TYPE_CT_LABEL:	Conntrack Label (bitmask subtype)
+ * @TYPE_TOS:		Type of service
  */
 enum datatypes {
 	TYPE_INVALID,
@@ -63,6 +64,7 @@ enum datatypes {
 	TYPE_TC_HANDLE,
 	TYPE_UID,
 	TYPE_GID,
+	TYPE_TOS,
 	TYPE_CT_STATE,
 	TYPE_CT_DIR,
 	TYPE_CT_STATUS,
diff --git a/src/proto.c b/src/proto.c
index 0a37a65..2f77b40 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -478,10 +478,67 @@ const struct proto_desc proto_sctp = {
  */
 
 #include <netinet/ip.h>
+
+static const struct symbol_table tos_type_tbl = {
+	.symbols	= {
+		SYMBOL("minimize-delay",	IPTOS_LOWDELAY),
+		SYMBOL("maximize-throughput",	IPTOS_THROUGHPUT),
+		SYMBOL("maximize-reliability",	IPTOS_RELIABILITY),
+		SYMBOL("minimize-cost",		IPTOS_MINCOST),
+		SYMBOL("normal-service",	0),
+		SYMBOL_LIST_END
+	},
+};
+
+static struct error_record *tos_type_parse(const struct expr *sym,
+					   struct expr **res)
+{
+	struct error_record *erec;
+	const struct symbolic_constant *s;
+
+	for (s = tos_type_tbl.symbols; s->identifier != NULL; s++) {
+		if (!strcmp(sym->identifier, s->identifier)) {
+			*res = constant_expr_alloc(&sym->location, sym->dtype,
+						   sym->dtype->byteorder,
+						   sym->dtype->size,
+						   &s->value);
+			return NULL;
+		}
+	}
+
+	*res = NULL;
+	erec = sym->dtype->basetype->parse(sym, res);
+	if (erec != NULL)
+		return erec;
+	if (*res)
+		return NULL;
+
+	return symbolic_constant_parse(sym, &tos_type_tbl, res);
+}
+
+static void tos_type_print(const struct expr *expr)
+{
+	return symbolic_constant_print(&tos_type_tbl, expr);
+}
+
+static const struct datatype tos_type = {
+	.type		= TYPE_TOS,
+	.name		= "tos_type",
+	.desc		= "type of service",
+	.byteorder	= BYTEORDER_BIG_ENDIAN,
+	.size		= BITS_PER_BYTE,
+	.basetype	= &integer_type,
+	.basefmt	= "0x%.2Zx",
+	.print		= tos_type_print,
+	.parse		= tos_type_parse,
+};
+
 #define IPHDR_FIELD(__name, __member) \
 	HDR_FIELD(__name, struct iphdr, __member)
 #define IPHDR_ADDR(__name, __member) \
 	HDR_TYPE(__name, &ipaddr_type, struct iphdr, __member)
+#define IPHDR_TOS(__name, __member) \
+	HDR_TYPE(__name, &tos_type, struct iphdr, __member)
 
 const struct proto_desc proto_ip = {
 	.name		= "ip",
@@ -501,7 +558,7 @@ const struct proto_desc proto_ip = {
 	.templates	= {
 		[IPHDR_VERSION]		= HDR_BITFIELD("version", &integer_type, 0, 4),
 		[IPHDR_HDRLENGTH]	= HDR_BITFIELD("hdrlength", &integer_type, 4, 4),
-		[IPHDR_TOS]		= IPHDR_FIELD("tos",		tos),
+		[IPHDR_TOS]		= IPHDR_TOS("tos",		tos),
 		[IPHDR_LENGTH]		= IPHDR_FIELD("length",		tot_len),
 		[IPHDR_ID]		= IPHDR_FIELD("id",		id),
 		[IPHDR_FRAG_OFF]	= IPHDR_FIELD("frag-off",	frag_off),
@@ -811,4 +868,5 @@ static void __init proto_init(void)
 	datatype_register(&arpop_type);
 	datatype_register(&ethertype_type);
 	datatype_register(&icmp6_type_type);
+	datatype_register(&tos_type);
 }
-- 
1.7.10.4

Re: [nftables PATCH] src: Add support for adding TOS symbols

[Pablo Neira Ayuso]

On Fri, May 23, 2014 at 08:10:02PM +0200, Alvaro Neira Ayuso wrote:
> This patch allows to add type of service using symbols not
> only with mask.
> 
> Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
> ---
>  include/datatype.h |    2 ++
>  src/proto.c        |   60 +++++++++++++++++++++++++++++++++++++++++++++++++++-
>  2 files changed, 61 insertions(+), 1 deletion(-)
> 
> diff --git a/include/datatype.h b/include/datatype.h
> index 2c66e9d..b53358c 100644
> --- a/include/datatype.h
> +++ b/include/datatype.h
> @@ -35,6 +35,7 @@
>   * @TYPE_CT_STATUS:	conntrack status (bitmask subtype)
>   * @TYPE_ICMP6_TYPE:	ICMPv6 type codes (integer subtype)
>   * @TYPE_CT_LABEL:	Conntrack Label (bitmask subtype)
> + * @TYPE_TOS:		Type of service
                                                ^^^^^
                  Minor nitpick: Missing comment above regarding the subtype.

>   */
>  enum datatypes {
>  	TYPE_INVALID,
> @@ -63,6 +64,7 @@ enum datatypes {
>  	TYPE_TC_HANDLE,
>  	TYPE_UID,
>  	TYPE_GID,
> +	TYPE_TOS,

You have to add this to the end of the list of enum.

The datatypes are used in the sets keytype, nft needs them to
interpret the elements. If you add this here and someone upgrades nft,
it will break.

>  	TYPE_CT_STATE,
>  	TYPE_CT_DIR,
>  	TYPE_CT_STATUS,

[nftables PATCH v2] src: Add support for adding TOS symbols

[Alvaro Neira Ayuso]

This patch allows to add type of service using symbols not
only with mask.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
[changes in v2]
* I have added the TYPE_TOS in the end of enum datatypes.
* I have added the subtypes of TYPE_TOS in the comment.

 include/datatype.h |    2 ++
 src/proto.c        |   60 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/include/datatype.h b/include/datatype.h
index 2c66e9d..2ddab7d 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -35,6 +35,7 @@
  * @TYPE_CT_STATUS:	conntrack status (bitmask subtype)
  * @TYPE_ICMP6_TYPE:	ICMPv6 type codes (integer subtype)
  * @TYPE_CT_LABEL:	Conntrack Label (bitmask subtype)
+ * @TYPE_TOS:		Type of service (integer subtype)
  */
 enum datatypes {
 	TYPE_INVALID,
@@ -68,6 +69,7 @@ enum datatypes {
 	TYPE_CT_STATUS,
 	TYPE_ICMP6_TYPE,
 	TYPE_CT_LABEL,
+	TYPE_TOS,
 	__TYPE_MAX
 };
 #define TYPE_MAX		(__TYPE_MAX - 1)
diff --git a/src/proto.c b/src/proto.c
index 0a37a65..2f77b40 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -478,10 +478,67 @@ const struct proto_desc proto_sctp = {
  */
 
 #include <netinet/ip.h>
+
+static const struct symbol_table tos_type_tbl = {
+	.symbols	= {
+		SYMBOL("minimize-delay",	IPTOS_LOWDELAY),
+		SYMBOL("maximize-throughput",	IPTOS_THROUGHPUT),
+		SYMBOL("maximize-reliability",	IPTOS_RELIABILITY),
+		SYMBOL("minimize-cost",		IPTOS_MINCOST),
+		SYMBOL("normal-service",	0),
+		SYMBOL_LIST_END
+	},
+};
+
+static struct error_record *tos_type_parse(const struct expr *sym,
+					   struct expr **res)
+{
+	struct error_record *erec;
+	const struct symbolic_constant *s;
+
+	for (s = tos_type_tbl.symbols; s->identifier != NULL; s++) {
+		if (!strcmp(sym->identifier, s->identifier)) {
+			*res = constant_expr_alloc(&sym->location, sym->dtype,
+						   sym->dtype->byteorder,
+						   sym->dtype->size,
+						   &s->value);
+			return NULL;
+		}
+	}
+
+	*res = NULL;
+	erec = sym->dtype->basetype->parse(sym, res);
+	if (erec != NULL)
+		return erec;
+	if (*res)
+		return NULL;
+
+	return symbolic_constant_parse(sym, &tos_type_tbl, res);
+}
+
+static void tos_type_print(const struct expr *expr)
+{
+	return symbolic_constant_print(&tos_type_tbl, expr);
+}
+
+static const struct datatype tos_type = {
+	.type		= TYPE_TOS,
+	.name		= "tos_type",
+	.desc		= "type of service",
+	.byteorder	= BYTEORDER_BIG_ENDIAN,
+	.size		= BITS_PER_BYTE,
+	.basetype	= &integer_type,
+	.basefmt	= "0x%.2Zx",
+	.print		= tos_type_print,
+	.parse		= tos_type_parse,
+};
+
 #define IPHDR_FIELD(__name, __member) \
 	HDR_FIELD(__name, struct iphdr, __member)
 #define IPHDR_ADDR(__name, __member) \
 	HDR_TYPE(__name, &ipaddr_type, struct iphdr, __member)
+#define IPHDR_TOS(__name, __member) \
+	HDR_TYPE(__name, &tos_type, struct iphdr, __member)
 
 const struct proto_desc proto_ip = {
 	.name		= "ip",
@@ -501,7 +558,7 @@ const struct proto_desc proto_ip = {
 	.templates	= {
 		[IPHDR_VERSION]		= HDR_BITFIELD("version", &integer_type, 0, 4),
 		[IPHDR_HDRLENGTH]	= HDR_BITFIELD("hdrlength", &integer_type, 4, 4),
-		[IPHDR_TOS]		= IPHDR_FIELD("tos",		tos),
+		[IPHDR_TOS]		= IPHDR_TOS("tos",		tos),
 		[IPHDR_LENGTH]		= IPHDR_FIELD("length",		tot_len),
 		[IPHDR_ID]		= IPHDR_FIELD("id",		id),
 		[IPHDR_FRAG_OFF]	= IPHDR_FIELD("frag-off",	frag_off),
@@ -811,4 +868,5 @@ static void __init proto_init(void)
 	datatype_register(&arpop_type);
 	datatype_register(&ethertype_type);
 	datatype_register(&icmp6_type_type);
+	datatype_register(&tos_type);
 }
-- 
1.7.10.4

Re: [nftables PATCH v2] src: Add support for adding TOS symbols

[Maciej Żenczykowski]

What for?

http://tools.ietf.org/html/rfc1349 (TOS) is obsoleted by
http://tools.ietf.org/html/rfc2474 (DSCP)

Furthermore minimize cost conflicts with current uses (ECN).

Does anyone even use those old definitions?

- Maciej

[nftables PATCH 1/2 v3] src: Add support for adding TOS symbols

[Alvaro Neira Ayuso]

From: Álvaro Neira Ayuso <alvaroneay@gmail.com>

This patch allows to add type of service using symbols not
only with mask.

Signed-off-by: Alvaro Neira Ayuso <alvaroneay@gmail.com>
---
[changes in v3]
* I have changed the function IPHDR_TOS for adding the struct datatype like
  a parameter. With this changes we have a general function that we can use
  for adding DSCP support.

 include/datatype.h |    2 ++
 src/proto.c        |   60 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 2 files changed, 61 insertions(+), 1 deletion(-)

diff --git a/include/datatype.h b/include/datatype.h
index 2c66e9d..2ddab7d 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -35,6 +35,7 @@
  * @TYPE_CT_STATUS:	conntrack status (bitmask subtype)
  * @TYPE_ICMP6_TYPE:	ICMPv6 type codes (integer subtype)
  * @TYPE_CT_LABEL:	Conntrack Label (bitmask subtype)
+ * @TYPE_TOS:		Type of service (integer subtype)
  */
 enum datatypes {
 	TYPE_INVALID,
@@ -68,6 +69,7 @@ enum datatypes {
 	TYPE_CT_STATUS,
 	TYPE_ICMP6_TYPE,
 	TYPE_CT_LABEL,
+	TYPE_TOS,
 	__TYPE_MAX
 };
 #define TYPE_MAX		(__TYPE_MAX - 1)
diff --git a/src/proto.c b/src/proto.c
index 0a37a65..cb27495 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -478,10 +478,67 @@ const struct proto_desc proto_sctp = {
  */
 
 #include <netinet/ip.h>
+
+static const struct symbol_table tos_type_tbl = {
+	.symbols	= {
+		SYMBOL("minimize-delay",	IPTOS_LOWDELAY),
+		SYMBOL("maximize-throughput",	IPTOS_THROUGHPUT),
+		SYMBOL("maximize-reliability",	IPTOS_RELIABILITY),
+		SYMBOL("minimize-cost",		IPTOS_MINCOST),
+		SYMBOL("normal-service",	0),
+		SYMBOL_LIST_END
+	},
+};
+
+static struct error_record *tos_type_parse(const struct expr *sym,
+					   struct expr **res)
+{
+	struct error_record *erec;
+	const struct symbolic_constant *s;
+
+	for (s = tos_type_tbl.symbols; s->identifier != NULL; s++) {
+		if (!strcmp(sym->identifier, s->identifier)) {
+			*res = constant_expr_alloc(&sym->location, sym->dtype,
+						   sym->dtype->byteorder,
+						   sym->dtype->size,
+						   &s->value);
+			return NULL;
+		}
+	}
+
+	*res = NULL;
+	erec = sym->dtype->basetype->parse(sym, res);
+	if (erec != NULL)
+		return erec;
+	if (*res)
+		return NULL;
+
+	return symbolic_constant_parse(sym, &tos_type_tbl, res);
+}
+
+static void tos_type_print(const struct expr *expr)
+{
+	return symbolic_constant_print(&tos_type_tbl, expr);
+}
+
+static const struct datatype tos_type = {
+	.type		= TYPE_TOS,
+	.name		= "tos_type",
+	.desc		= "type of service",
+	.byteorder	= BYTEORDER_BIG_ENDIAN,
+	.size		= BITS_PER_BYTE,
+	.basetype	= &integer_type,
+	.basefmt	= "0x%.2Zx",
+	.print		= tos_type_print,
+	.parse		= tos_type_parse,
+};
+
 #define IPHDR_FIELD(__name, __member) \
 	HDR_FIELD(__name, struct iphdr, __member)
 #define IPHDR_ADDR(__name, __member) \
 	HDR_TYPE(__name, &ipaddr_type, struct iphdr, __member)
+#define IPHDR_TOS(__name, __type) \
+	HDR_TYPE(__name, __type, struct iphdr, tos)
 
 const struct proto_desc proto_ip = {
 	.name		= "ip",
@@ -501,7 +558,7 @@ const struct proto_desc proto_ip = {
 	.templates	= {
 		[IPHDR_VERSION]		= HDR_BITFIELD("version", &integer_type, 0, 4),
 		[IPHDR_HDRLENGTH]	= HDR_BITFIELD("hdrlength", &integer_type, 4, 4),
-		[IPHDR_TOS]		= IPHDR_FIELD("tos",		tos),
+		[IPHDR_TOS]		= IPHDR_TOS("tos",		&tos_type),
 		[IPHDR_LENGTH]		= IPHDR_FIELD("length",		tot_len),
 		[IPHDR_ID]		= IPHDR_FIELD("id",		id),
 		[IPHDR_FRAG_OFF]	= IPHDR_FIELD("frag-off",	frag_off),
@@ -811,4 +868,5 @@ static void __init proto_init(void)
 	datatype_register(&arpop_type);
 	datatype_register(&ethertype_type);
 	datatype_register(&icmp6_type_type);
+	datatype_register(&tos_type);
 }
-- 
1.7.10.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html