Re: [PATCH libftnl,RFC] src: add infrastructure to infer byteorder from keys

[Phil Sutter <phil@nwl.cc>]

Hi Pablo,

On Thu, Nov 26, 2020 at 11:48:50AM +0100, Pablo Neira Ayuso wrote:
> This patch adds a new .byteorder callback to expressions to allow infer
> the data byteorder that is placed in registers. Given that keys have a
> fixed datatype, this patch tracks register operations to obtain the data
> byteorder. This new infrastructure is internal and it is only used by
> the nftnl_rule_snprintf() function to make it portable regardless the
> endianess.
> 
> A few examples after this patch running on x86_64:
> 
> netdev
>   [ meta load protocol => reg 1 ]
>   [ cmp eq reg 1 0x00000008 ]
>   [ immediate reg 1 0x01020304 ]
>   [ payload write reg 1 => 4b @ network header + 12 csum_type 1 csum_off 10 csum_flags 0x1 ]
> 
> root@salvia:/home/pablo/devel/scm/git-netfilter/libnftnl# nft --debug=netlink add rule netdev x z ip saddr 1.2.3.4
> netdev
>   [ meta load protocol => reg 1 ]
>   [ cmp eq reg 1 0x00000008 ]
>   [ payload load 4b @ network header + 12 => reg 1 ]
>   [ cmp eq reg 1 0x01020304 ]
> 
> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
> ---
> Hi Phil,
> 
> This patch is incomplete. Many expressions are still missing the byteorder.
> This is adding minimal infrastructure to "delinearize" expression for printing
> on the debug information.
> 
> The set infrastructure is also missing, this requires to move the TYPE_
> definitions to libnftnl (this is part of existing technical debt) and
> add minimal code to "delinearize" the set element again from snprintf
> based in the NFTNL_SET_DATATYPE / userdata information of the set
> definition.

Thanks for this initial implementation, I think it's a good start and I
would like to complete it. Currently I'm running into roadblocks with
anonymous sets, though (I didn't even test named ones yet). The
anonymous ones are what I hit first when trying to fix tests/py/ payload
files.

The simple example is:
| nft --debug=netlink add rule ip t c ip saddr { 10.0.0.1, 1.2.3.4 }

I tried to extract NFTNL_UDATA_SET_KEYBYTEORDER and
NFTNL_UDATA_SET_DATABYTEORDER from set's udata in
nftnl_set_snprintf_default() but those are not present. Also set's
'key_type' and 'data_type' fields are zero, probably because the set
doesn't have a formal definition.

I added some debug printing to nftnl_rule_snprintf_default() and
apparently debug output prints the set content before it is called,
therefore I can't use your infrastructure to deduce the set elements'
byteorder from the lookup expression's sreg.

Any ideas how this could be solved?

Thanks, Phil