From: Patrick McHardy <kaber@trash.net>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft 1/2] src: add big endian integer datatype
Date: Mon, 8 Dec 2014 18:31:55 +0000 [thread overview]
Message-ID: <20141208183154.GE2672@acer.localdomain> (raw)
In-Reply-To: <1418062551-4715-1-git-send-email-pablo@netfilter.org>
On 08.12, Pablo Neira Ayuso wrote:
> Rules with header fields that rely on the generic integer datatype
> from sets are not matching, eg.
>
> nft add rule filter input udp length { 9 } counter
>
> This set member is an integer represented in host byte order, which
> obviously doesn't match the header field (in network byte order).
>
> Since the integer datatype has no specific byteorder, we could rely
> on the expression byteorder instead when configuring the context,
> before we evaluate the list of set members.
>
> This approach doesn't solve the problem in the delinearize path, since
> we infer the datatype from the set keytype, ie. integer_type. But this
> type has no specific byteorder (BYTEORDER_INVALID) so
> netlink_delinearize_setelem() doesn't know if we sent the integer in
> host or network byteorder.
>
> To resolve this, this patch adds TYPE_BE_INTEGER, a dummy integer
> subtype, and use it from the protocol header definitions. Thus, the
> set keytype indicates what byteorder had been used for the set members.
I don't like encoding the byteorder in the datatype. Is there anything
wrong with setting the byteorder in delinearization after we know the
related expression?
In your example it can easily be deduced from the datatype.
next prev parent reply other threads:[~2014-12-08 18:32 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-12-08 18:15 [PATCH nft 1/2] src: add big endian integer datatype Pablo Neira Ayuso
2014-12-08 18:15 ` [PATCH nft 2/2] netlink: fix listing of range set elements Pablo Neira Ayuso
2014-12-08 18:31 ` Patrick McHardy [this message]
2014-12-08 18:41 ` [PATCH nft 1/2] src: add big endian integer datatype Pablo Neira Ayuso
2014-12-08 18:50 ` Patrick McHardy
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20141208183154.GE2672@acer.localdomain \
--to=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).