From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org
Subject: [libnftnl PATCH v2 1/7] src: add infrastructure to infer byteorder from keys
Date: Wed, 24 Nov 2021 18:22:36 +0100 [thread overview]
Message-ID: <20211124172242.11402-2-phil@nwl.cc> (raw)
In-Reply-To: <20211124172242.11402-1-phil@nwl.cc>
From: Pablo Neira Ayuso <pablo@netfilter.org>
This patch adds a new .byteorder callback to expressions to allow infer
the data byteorder that is placed in registers. Given that keys have a
fixed datatype, this patch tracks register operations to obtain the data
byteorder. This new infrastructure is internal and it is only used by
the nftnl_rule_snprintf() function to make it portable regardless the
endianess.
A few examples after this patch running on x86_64:
netdev
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ immediate reg 1 0x01020304 ]
[ payload write reg 1 => 4b @ network header + 12 csum_type 1 csum_off 10 csum_flags 0x1 ]
root@salvia:/home/pablo/devel/scm/git-netfilter/libnftnl# nft --debug=netlink add rule netdev x z ip saddr 1.2.3.4
netdev
[ meta load protocol => reg 1 ]
[ cmp eq reg 1 0x00000008 ]
[ payload load 4b @ network header + 12 => reg 1 ]
[ cmp eq reg 1 0x01020304 ]
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
Changes since v1:
- Fix calls to changed nftnl_data_reg_snprintf().
- Add more byteorder callbacks
- expr/xfrm: Fix SPI endianness, was recently corrected in nftables
- ct helper: Strings are always "big endian"
- expr/cmp: Boundary comparisons are always Big Endian
- expr/range: Ranges are always in network byte order
---
include/common.h | 29 +++++++++++++++++++++++++
include/data_reg.h | 4 +++-
include/expr.h | 2 +-
include/expr_ops.h | 2 ++
src/expr.c | 51 ++++++++++++++++++++++++++++++++++++++++++++
src/expr/bitwise.c | 30 +++++++++++++++++++-------
src/expr/byteorder.c | 21 ++++++++++++++++++
src/expr/cmp.c | 21 +++++++++++++++++-
src/expr/ct.c | 30 ++++++++++++++++++++++++++
src/expr/data_reg.c | 18 +++++++++++-----
src/expr/dup.c | 14 ++++++++++++
src/expr/exthdr.c | 14 ++++++++++++
src/expr/fib.c | 18 ++++++++++++++++
src/expr/fwd.c | 14 ++++++++++++
src/expr/immediate.c | 17 ++++++++++++---
src/expr/masq.c | 16 ++++++++++++++
src/expr/meta.c | 28 ++++++++++++++++++++++++
src/expr/nat.c | 22 +++++++++++++++++++
src/expr/numgen.c | 12 +++++++++++
src/expr/osf.c | 12 +++++++++++
src/expr/payload.c | 14 ++++++++++++
src/expr/queue.c | 12 +++++++++++
src/expr/range.c | 11 ++++++++--
src/expr/redir.c | 16 ++++++++++++++
src/expr/rt.c | 19 +++++++++++++++++
src/expr/socket.c | 12 +++++++++++
src/expr/tproxy.c | 14 ++++++++++++
src/expr/tunnel.c | 12 +++++++++++
src/expr/xfrm.c | 18 ++++++++++++++++
src/rule.c | 7 ++++++
src/set_elem.c | 9 +++++---
31 files changed, 495 insertions(+), 24 deletions(-)
diff --git a/include/common.h b/include/common.h
index d05a81ad542c1..13d709b247f92 100644
--- a/include/common.h
+++ b/include/common.h
@@ -18,4 +18,33 @@ enum nftnl_parse_input {
NFTNL_PARSE_FILE,
};
+enum nftnl_byteorder {
+ NFTNL_BYTEORDER_UNKNOWN = 0,
+ NFTNL_BYTEORDER_HOST,
+ NFTNL_BYTEORDER_NETWORK,
+};
+
+#define NFTNL_CTX_BYTEORDER_MAX_EXPRS 16
+
+struct nftnl_byteorder_ctx {
+ struct {
+ const struct nftnl_expr *expr;
+ enum nftnl_byteorder byteorder;
+ } expr[NFT_REG32_15 + 1];
+ struct {
+ uint32_t reg;
+ struct nftnl_expr *expr;
+ } pending[NFTNL_CTX_BYTEORDER_MAX_EXPRS];
+ uint32_t num_pending;
+};
+
+void nftnl_reg_byteorder_set(struct nftnl_byteorder_ctx *ctx, uint32_t reg,
+ enum nftnl_byteorder byteorder);
+enum nftnl_byteorder nftnl_reg_byteorder_get(struct nftnl_byteorder_ctx *ctx,
+ uint32_t reg);
+void nftnl_reg_byteorder_unknown(struct nftnl_byteorder_ctx *ctx, uint32_t reg,
+ struct nftnl_expr *expr);
+void nftnl_reg_byteorder_resolve(struct nftnl_byteorder_ctx *ctx, uint32_t reg,
+ enum nftnl_byteorder byteorder);
+
#endif
diff --git a/include/data_reg.h b/include/data_reg.h
index 6d2dc66858bf8..3f24b6725e148 100644
--- a/include/data_reg.h
+++ b/include/data_reg.h
@@ -5,6 +5,7 @@
#include <stdint.h>
#include <stdbool.h>
#include <unistd.h>
+#include "common.h"
enum {
DATA_NONE,
@@ -31,7 +32,8 @@ union nftnl_data_reg {
int nftnl_data_reg_snprintf(char *buf, size_t size,
const union nftnl_data_reg *reg,
- uint32_t flags, int reg_type);
+ uint32_t flags, int reg_type,
+ enum nftnl_byteorder byteorder);
struct nlattr;
int nftnl_parse_data(union nftnl_data_reg *data, struct nlattr *attr, int *type);
diff --git a/include/expr.h b/include/expr.h
index be45e954df5b6..50959724492e7 100644
--- a/include/expr.h
+++ b/include/expr.h
@@ -6,6 +6,7 @@ struct expr_ops;
struct nftnl_expr {
struct list_head head;
uint32_t flags;
+ uint32_t byteorder;
struct expr_ops *ops;
uint8_t data[];
};
@@ -15,5 +16,4 @@ struct nlmsghdr;
void nftnl_expr_build_payload(struct nlmsghdr *nlh, struct nftnl_expr *expr);
struct nftnl_expr *nftnl_expr_parse(struct nlattr *attr);
-
#endif
diff --git a/include/expr_ops.h b/include/expr_ops.h
index 7a6aa23f9bd1d..161babdade596 100644
--- a/include/expr_ops.h
+++ b/include/expr_ops.h
@@ -7,6 +7,7 @@
struct nlattr;
struct nlmsghdr;
struct nftnl_expr;
+struct nftnl_print_ctx;
struct expr_ops {
const char *name;
@@ -18,6 +19,7 @@ struct expr_ops {
const void *(*get)(const struct nftnl_expr *e, uint16_t type, uint32_t *data_len);
int (*parse)(struct nftnl_expr *e, struct nlattr *attr);
void (*build)(struct nlmsghdr *nlh, const struct nftnl_expr *e);
+ void (*byteorder)(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e);
int (*snprintf)(char *buf, size_t len, uint32_t flags, const struct nftnl_expr *e);
};
diff --git a/src/expr.c b/src/expr.c
index 277bbdeeb5d02..d958bab98e925 100644
--- a/src/expr.c
+++ b/src/expr.c
@@ -301,3 +301,54 @@ int nftnl_expr_fprintf(FILE *fp, const struct nftnl_expr *expr, uint32_t type,
return nftnl_fprintf(fp, expr, NFTNL_CMD_UNSPEC, type, flags,
nftnl_expr_do_snprintf);
}
+
+void nftnl_reg_byteorder_set(struct nftnl_byteorder_ctx *ctx, uint32_t reg,
+ enum nftnl_byteorder byteorder)
+{
+ if (reg > NFT_REG32_15)
+ return;
+
+ ctx->expr[reg].byteorder = byteorder;
+}
+
+enum nftnl_byteorder nftnl_reg_byteorder_get(struct nftnl_byteorder_ctx *ctx,
+ uint32_t reg)
+{
+ if (reg > NFT_REG32_15)
+ return NFTNL_BYTEORDER_UNKNOWN;
+
+ return ctx->expr[reg].byteorder;
+}
+
+void nftnl_reg_byteorder_unknown(struct nftnl_byteorder_ctx *ctx, uint32_t reg,
+ struct nftnl_expr *expr)
+{
+ int k;
+
+ if (reg > NFT_REG32_15)
+ return;
+
+ k = ctx->num_pending++;
+ if (k >= NFTNL_CTX_BYTEORDER_MAX_EXPRS)
+ return;
+
+ ctx->pending[k].reg = reg;
+ ctx->pending[k].expr = expr;
+}
+
+void nftnl_reg_byteorder_resolve(struct nftnl_byteorder_ctx *ctx, uint32_t reg,
+ enum nftnl_byteorder byteorder)
+{
+ struct nftnl_expr *expr;
+ int i;
+
+ for (i = 0; i < ctx->num_pending; i++) {
+ if (!ctx->pending[i].expr)
+ continue;
+ if (ctx->pending[i].reg == reg) {
+ expr = ctx->pending[i].expr;
+ expr->byteorder = byteorder;
+ ctx->pending[i].expr = NULL;
+ }
+ }
+}
diff --git a/src/expr/bitwise.c b/src/expr/bitwise.c
index d0c7827eacec9..a21dec01d286f 100644
--- a/src/expr/bitwise.c
+++ b/src/expr/bitwise.c
@@ -209,9 +209,18 @@ nftnl_expr_bitwise_parse(struct nftnl_expr *e, struct nlattr *attr)
return ret;
}
+static void
+nftnl_expr_bitwise_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_bitwise *bitwise = nftnl_expr_data(e);
+
+ e->byteorder = nftnl_reg_byteorder_get(ctx, bitwise->sreg);
+}
+
static int
nftnl_expr_bitwise_snprintf_bool(char *buf, size_t remain,
- const struct nftnl_expr_bitwise *bitwise)
+ const struct nftnl_expr_bitwise *bitwise,
+ enum nftnl_byteorder byteorder)
{
int offset = 0, ret;
@@ -220,14 +229,14 @@ nftnl_expr_bitwise_snprintf_bool(char *buf, size_t remain,
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &bitwise->mask,
- 0, DATA_VALUE);
+ 0, DATA_VALUE, byteorder);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = snprintf(buf + offset, remain, ") ^ ");
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &bitwise->xor,
- 0, DATA_VALUE);
+ 0, DATA_VALUE, byteorder);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
return offset;
@@ -235,7 +244,8 @@ nftnl_expr_bitwise_snprintf_bool(char *buf, size_t remain,
static int
nftnl_expr_bitwise_snprintf_shift(char *buf, size_t remain, const char *op,
- const struct nftnl_expr_bitwise *bitwise)
+ const struct nftnl_expr_bitwise *bitwise,
+ enum nftnl_byteorder byteorder)
{ int offset = 0, ret;
ret = snprintf(buf, remain, "reg %u = ( reg %u %s ",
@@ -243,7 +253,7 @@ nftnl_expr_bitwise_snprintf_shift(char *buf, size_t remain, const char *op,
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &bitwise->data,
- 0, DATA_VALUE);
+ 0, DATA_VALUE, byteorder);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = snprintf(buf + offset, remain, ") ");
@@ -261,13 +271,16 @@ nftnl_expr_bitwise_snprintf(char *buf, size_t size,
switch (bitwise->op) {
case NFT_BITWISE_BOOL:
- err = nftnl_expr_bitwise_snprintf_bool(buf, size, bitwise);
+ err = nftnl_expr_bitwise_snprintf_bool(buf, size, bitwise,
+ e->byteorder);
break;
case NFT_BITWISE_LSHIFT:
- err = nftnl_expr_bitwise_snprintf_shift(buf, size, "<<", bitwise);
+ err = nftnl_expr_bitwise_snprintf_shift(buf, size, "<<",
+ bitwise, e->byteorder);
break;
case NFT_BITWISE_RSHIFT:
- err = nftnl_expr_bitwise_snprintf_shift(buf, size, ">>", bitwise);
+ err = nftnl_expr_bitwise_snprintf_shift(buf, size, ">>",
+ bitwise, e->byteorder);
break;
}
@@ -282,5 +295,6 @@ struct expr_ops expr_ops_bitwise = {
.get = nftnl_expr_bitwise_get,
.parse = nftnl_expr_bitwise_parse,
.build = nftnl_expr_bitwise_build,
+ .byteorder = nftnl_expr_bitwise_byteorder,
.snprintf = nftnl_expr_bitwise_snprintf,
};
diff --git a/src/expr/byteorder.c b/src/expr/byteorder.c
index d299745fc57b4..ae67ee6ef2b35 100644
--- a/src/expr/byteorder.c
+++ b/src/expr/byteorder.c
@@ -197,6 +197,26 @@ static inline int nftnl_str2ntoh(const char *op)
}
}
+static void nftnl_expr_byteorder_byteorder(struct nftnl_byteorder_ctx *ctx,
+ struct nftnl_expr *e)
+{
+ struct nftnl_expr_byteorder *byteorder = nftnl_expr_data(e);
+ enum nftnl_byteorder bo;
+
+ switch (byteorder->op) {
+ case NFT_BYTEORDER_NTOH:
+ bo = NFTNL_BYTEORDER_HOST;
+ break;
+ case NFT_BYTEORDER_HTON:
+ bo = NFTNL_BYTEORDER_NETWORK;
+ break;
+ default:
+ bo = NFTNL_BYTEORDER_UNKNOWN;
+ break;
+ }
+ nftnl_reg_byteorder_set(ctx, byteorder->dreg, bo);
+}
+
static int
nftnl_expr_byteorder_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -220,5 +240,6 @@ struct expr_ops expr_ops_byteorder = {
.get = nftnl_expr_byteorder_get,
.parse = nftnl_expr_byteorder_parse,
.build = nftnl_expr_byteorder_build,
+ .byteorder = nftnl_expr_byteorder_byteorder,
.snprintf = nftnl_expr_byteorder_snprintf,
};
diff --git a/src/expr/cmp.c b/src/expr/cmp.c
index 6030693f15d86..846a112a03231 100644
--- a/src/expr/cmp.c
+++ b/src/expr/cmp.c
@@ -176,6 +176,24 @@ static inline int nftnl_str2cmp(const char *op)
}
}
+static void
+nftnl_expr_cmp_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_cmp *cmp = nftnl_expr_data(e);
+
+ switch (cmp->op) {
+ case NFT_CMP_LT:
+ case NFT_CMP_LTE:
+ case NFT_CMP_GT:
+ case NFT_CMP_GTE:
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+ break;
+ default:
+ e->byteorder = nftnl_reg_byteorder_get(ctx, cmp->sreg);
+ break;
+ }
+}
+
static int
nftnl_expr_cmp_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -188,7 +206,7 @@ nftnl_expr_cmp_snprintf(char *buf, size_t remain,
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &cmp->data,
- 0, DATA_VALUE);
+ 0, DATA_VALUE, e->byteorder);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
return offset;
@@ -202,5 +220,6 @@ struct expr_ops expr_ops_cmp = {
.get = nftnl_expr_cmp_get,
.parse = nftnl_expr_cmp_parse,
.build = nftnl_expr_cmp_build,
+ .byteorder = nftnl_expr_cmp_byteorder,
.snprintf = nftnl_expr_cmp_snprintf,
};
diff --git a/src/expr/ct.c b/src/expr/ct.c
index d5dfc81cfe0d1..fe4fc43688eb5 100644
--- a/src/expr/ct.c
+++ b/src/expr/ct.c
@@ -222,6 +222,35 @@ static inline int str2ctdir(const char *str, uint8_t *ctdir)
return -1;
}
+static void
+nftnl_expr_ct_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_ct *ct = nftnl_expr_data(e);
+
+ switch (ct->key) {
+ case NFT_CT_HELPER:
+ case NFT_CT_SRC:
+ case NFT_CT_DST:
+ case NFT_CT_PROTOCOL:
+ case NFT_CT_PROTO_SRC:
+ case NFT_CT_PROTO_DST:
+ case NFT_CT_SRC_IP:
+ case NFT_CT_DST_IP:
+ case NFT_CT_SRC_IP6:
+ case NFT_CT_DST_IP6:
+ case NFT_CT_ID:
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+ break;
+ default:
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+ }
+
+ if (e->flags & (1 << NFTNL_EXPR_CT_SREG))
+ nftnl_reg_byteorder_resolve(ctx, ct->sreg, e->byteorder);
+ if (e->flags & (1 << NFTNL_EXPR_CT_DREG))
+ nftnl_reg_byteorder_set(ctx, ct->dreg, e->byteorder);
+}
+
static int
nftnl_expr_ct_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -258,5 +287,6 @@ struct expr_ops expr_ops_ct = {
.get = nftnl_expr_ct_get,
.parse = nftnl_expr_ct_parse,
.build = nftnl_expr_ct_build,
+ .byteorder = nftnl_expr_ct_byteorder,
.snprintf = nftnl_expr_ct_snprintf,
};
diff --git a/src/expr/data_reg.c b/src/expr/data_reg.c
index 2633a775c90cc..789958ea66c0d 100644
--- a/src/expr/data_reg.c
+++ b/src/expr/data_reg.c
@@ -27,16 +27,22 @@
static int
nftnl_data_reg_value_snprintf_default(char *buf, size_t remain,
const union nftnl_data_reg *reg,
- uint32_t flags)
+ uint32_t flags,
+ enum nftnl_byteorder byteorder)
{
const char *pfx = flags & DATA_F_NOPFX ? "" : "0x";
int offset = 0, ret, i;
+ uint32_t value;
for (i = 0; i < div_round_up(reg->len, sizeof(uint32_t)); i++) {
- ret = snprintf(buf + offset, remain,
- "%s%.8x ", pfx, reg->val[i]);
+ if (byteorder == NFTNL_BYTEORDER_NETWORK)
+ value = ntohl(reg->val[i]);
+ else
+ value = reg->val[i];
+
+ ret = snprintf(buf + offset, remain, "%s%.8x ", pfx, value);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
@@ -63,12 +69,14 @@ nftnl_data_reg_verdict_snprintf_def(char *buf, size_t size,
int nftnl_data_reg_snprintf(char *buf, size_t size,
const union nftnl_data_reg *reg,
- uint32_t flags, int reg_type)
+ uint32_t flags, int reg_type,
+ enum nftnl_byteorder byteorder)
{
switch(reg_type) {
case DATA_VALUE:
return nftnl_data_reg_value_snprintf_default(buf, size,
- reg, flags);
+ reg, flags,
+ byteorder);
case DATA_VERDICT:
case DATA_CHAIN:
return nftnl_data_reg_verdict_snprintf_def(buf, size,
diff --git a/src/expr/dup.c b/src/expr/dup.c
index f041b551a7e78..58c3fe6989e91 100644
--- a/src/expr/dup.c
+++ b/src/expr/dup.c
@@ -111,6 +111,19 @@ static int nftnl_expr_dup_parse(struct nftnl_expr *e, struct nlattr *attr)
return ret;
}
+static void
+nftnl_expr_dup_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_dup *dup = nftnl_expr_data(e);
+
+ if (e->flags & (1 << NFTNL_EXPR_DUP_SREG_ADDR))
+ nftnl_reg_byteorder_resolve(ctx, dup->sreg_addr,
+ NFTNL_BYTEORDER_NETWORK);
+ if (e->flags & (1 << NFTNL_EXPR_DUP_SREG_DEV))
+ nftnl_reg_byteorder_resolve(ctx, dup->sreg_dev,
+ NFTNL_BYTEORDER_HOST);
+}
+
static int nftnl_expr_dup_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
{
@@ -138,5 +151,6 @@ struct expr_ops expr_ops_dup = {
.get = nftnl_expr_dup_get,
.parse = nftnl_expr_dup_parse,
.build = nftnl_expr_dup_build,
+ .byteorder = nftnl_expr_dup_byteorder,
.snprintf = nftnl_expr_dup_snprintf,
};
diff --git a/src/expr/exthdr.c b/src/expr/exthdr.c
index 1b813b1e47c4d..280fe73f48041 100644
--- a/src/expr/exthdr.c
+++ b/src/expr/exthdr.c
@@ -235,6 +235,19 @@ static inline int str2exthdr_type(const char *str)
return -1;
}
+static void
+nftnl_expr_exthdr_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_exthdr *exthdr = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+
+ if (e->flags & (1 << NFTNL_EXPR_EXTHDR_DREG))
+ nftnl_reg_byteorder_set(ctx, exthdr->dreg, e->byteorder);
+ if (e->flags & (1 << NFTNL_EXPR_EXTHDR_SREG))
+ nftnl_reg_byteorder_resolve(ctx, exthdr->sreg, e->byteorder);
+}
+
static int
nftnl_expr_exthdr_snprintf(char *buf, size_t len,
uint32_t flags, const struct nftnl_expr *e)
@@ -262,5 +275,6 @@ struct expr_ops expr_ops_exthdr = {
.get = nftnl_expr_exthdr_get,
.parse = nftnl_expr_exthdr_parse,
.build = nftnl_expr_exthdr_build,
+ .byteorder = nftnl_expr_exthdr_byteorder,
.snprintf = nftnl_expr_exthdr_snprintf,
};
diff --git a/src/expr/fib.c b/src/expr/fib.c
index aaff52acabdbd..75194bff95f41 100644
--- a/src/expr/fib.c
+++ b/src/expr/fib.c
@@ -128,6 +128,23 @@ nftnl_expr_fib_parse(struct nftnl_expr *e, struct nlattr *attr)
return ret;
}
+static void
+nftnl_expr_fib_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_fib *fib = nftnl_expr_data(e);
+
+ switch (fib->result) {
+ case NFT_FIB_RESULT_OIFNAME:
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+ break;
+ default:
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+ }
+
+ if (e->flags & (1 << NFTNL_EXPR_FIB_DREG))
+ nftnl_reg_byteorder_set(ctx, fib->dreg, e->byteorder);
+}
+
static const char *fib_type[NFT_FIB_RESULT_MAX + 1] = {
[NFT_FIB_RESULT_OIF] = "oif",
[NFT_FIB_RESULT_OIFNAME] = "oifname",
@@ -198,5 +215,6 @@ struct expr_ops expr_ops_fib = {
.get = nftnl_expr_fib_get,
.parse = nftnl_expr_fib_parse,
.build = nftnl_expr_fib_build,
+ .byteorder = nftnl_expr_fib_byteorder,
.snprintf = nftnl_expr_fib_snprintf,
};
diff --git a/src/expr/fwd.c b/src/expr/fwd.c
index 82e5a418bfae5..6875abfa80d19 100644
--- a/src/expr/fwd.c
+++ b/src/expr/fwd.c
@@ -125,6 +125,19 @@ static int nftnl_expr_fwd_parse(struct nftnl_expr *e, struct nlattr *attr)
return ret;
}
+static void
+nftnl_expr_fwd_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_fwd *fwd = nftnl_expr_data(e);
+
+ if (e->flags & (1 << NFTNL_EXPR_FWD_SREG_DEV))
+ nftnl_reg_byteorder_resolve(ctx, fwd->sreg_dev,
+ NFTNL_BYTEORDER_HOST);
+ if (e->flags & (1 << NFTNL_EXPR_FWD_SREG_ADDR))
+ nftnl_reg_byteorder_resolve(ctx, fwd->sreg_addr,
+ NFTNL_BYTEORDER_NETWORK);
+}
+
static int nftnl_expr_fwd_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
{
@@ -158,5 +171,6 @@ struct expr_ops expr_ops_fwd = {
.get = nftnl_expr_fwd_get,
.parse = nftnl_expr_fwd_parse,
.build = nftnl_expr_fwd_build,
+ .byteorder = nftnl_expr_fwd_byteorder,
.snprintf = nftnl_expr_fwd_snprintf,
};
diff --git a/src/expr/immediate.c b/src/expr/immediate.c
index 94b043c0fc8ab..fb291c7606bab 100644
--- a/src/expr/immediate.c
+++ b/src/expr/immediate.c
@@ -183,6 +183,14 @@ nftnl_expr_immediate_parse(struct nftnl_expr *e, struct nlattr *attr)
return ret;
}
+static void
+nftnl_expr_immediate_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_immediate *imm = nftnl_expr_data(e);
+
+ nftnl_reg_byteorder_unknown(ctx, imm->dreg, e);
+}
+
static int
nftnl_expr_immediate_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -195,17 +203,19 @@ nftnl_expr_immediate_snprintf(char *buf, size_t remain,
if (e->flags & (1 << NFTNL_EXPR_IMM_DATA)) {
ret = nftnl_data_reg_snprintf(buf + offset, remain, &imm->data,
- flags, DATA_VALUE);
+ flags, DATA_VALUE, e->byteorder);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
} else if (e->flags & (1 << NFTNL_EXPR_IMM_VERDICT)) {
ret = nftnl_data_reg_snprintf(buf + offset, remain, &imm->data,
- flags, DATA_VERDICT);
+ flags, DATA_VERDICT,
+ NFTNL_BYTEORDER_UNKNOWN);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
} else if (e->flags & (1 << NFTNL_EXPR_IMM_CHAIN)) {
ret = nftnl_data_reg_snprintf(buf + offset, remain, &imm->data,
- flags, DATA_CHAIN);
+ flags, DATA_CHAIN,
+ NFTNL_BYTEORDER_UNKNOWN);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
@@ -229,5 +239,6 @@ struct expr_ops expr_ops_immediate = {
.get = nftnl_expr_immediate_get,
.parse = nftnl_expr_immediate_parse,
.build = nftnl_expr_immediate_build,
+ .byteorder = nftnl_expr_immediate_byteorder,
.snprintf = nftnl_expr_immediate_snprintf,
};
diff --git a/src/expr/masq.c b/src/expr/masq.c
index 684708c758390..a964e3ae1a938 100644
--- a/src/expr/masq.c
+++ b/src/expr/masq.c
@@ -131,6 +131,21 @@ nftnl_expr_masq_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static void
+nftnl_expr_masq_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_masq *masq = nftnl_expr_data(e);
+
+ if (e->flags & (1 << NFTNL_EXPR_MASQ_REG_PROTO_MIN))
+ nftnl_reg_byteorder_resolve(ctx, masq->sreg_proto_min,
+ NFTNL_BYTEORDER_NETWORK);
+ if (e->flags & (1 << NFTNL_EXPR_MASQ_REG_PROTO_MAX))
+ nftnl_reg_byteorder_resolve(ctx, masq->sreg_proto_max,
+ NFTNL_BYTEORDER_NETWORK);
+
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+}
+
static int nftnl_expr_masq_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
{
@@ -163,5 +178,6 @@ struct expr_ops expr_ops_masq = {
.get = nftnl_expr_masq_get,
.parse = nftnl_expr_masq_parse,
.build = nftnl_expr_masq_build,
+ .byteorder = nftnl_expr_masq_byteorder,
.snprintf = nftnl_expr_masq_snprintf,
};
diff --git a/src/expr/meta.c b/src/expr/meta.c
index 34fbb9bb63c03..deb14e5cb054d 100644
--- a/src/expr/meta.c
+++ b/src/expr/meta.c
@@ -191,6 +191,33 @@ static inline int str2meta_key(const char *str)
return -1;
}
+static void nftnl_expr_meta_byteorder(struct nftnl_byteorder_ctx *ctx,
+ struct nftnl_expr *e)
+{
+ struct nftnl_expr_meta *meta = nftnl_expr_data(e);
+
+
+ switch (meta->key) {
+ case NFT_META_PROTOCOL:
+ case NFT_META_IIFNAME:
+ case NFT_META_OIFNAME:
+ case NFT_META_BRI_IIFNAME:
+ case NFT_META_BRI_OIFNAME:
+ case NFT_META_PRANDOM:
+ case NFT_META_BRI_IIFVPROTO:
+ case NFT_META_SDIFNAME:
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+ break;
+ default:
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+ }
+
+ if (e->flags & (1 << NFTNL_EXPR_META_SREG))
+ nftnl_reg_byteorder_resolve(ctx, meta->sreg, e->byteorder);
+ if (e->flags & (1 << NFTNL_EXPR_META_DREG))
+ nftnl_reg_byteorder_set(ctx, meta->dreg, e->byteorder);
+}
+
static int
nftnl_expr_meta_snprintf(char *buf, size_t len,
uint32_t flags, const struct nftnl_expr *e)
@@ -216,5 +243,6 @@ struct expr_ops expr_ops_meta = {
.get = nftnl_expr_meta_get,
.parse = nftnl_expr_meta_parse,
.build = nftnl_expr_meta_build,
+ .byteorder = nftnl_expr_meta_byteorder,
.snprintf = nftnl_expr_meta_snprintf,
};
diff --git a/src/expr/nat.c b/src/expr/nat.c
index 0a9cdd7f65f8f..785ceb20a92bf 100644
--- a/src/expr/nat.c
+++ b/src/expr/nat.c
@@ -220,6 +220,27 @@ static inline int nftnl_str2nat(const char *nat)
}
}
+static void
+nftnl_expr_nat_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_nat *nat = nftnl_expr_data(e);
+
+ if (e->flags & (1 << NFTNL_EXPR_NAT_REG_ADDR_MIN))
+ nftnl_reg_byteorder_resolve(ctx, nat->sreg_addr_min,
+ NFTNL_BYTEORDER_NETWORK);
+ if (e->flags & (1 << NFTNL_EXPR_NAT_REG_ADDR_MAX))
+ nftnl_reg_byteorder_resolve(ctx, nat->sreg_addr_max,
+ NFTNL_BYTEORDER_NETWORK);
+ if (e->flags & (1 << NFTNL_EXPR_NAT_REG_PROTO_MIN))
+ nftnl_reg_byteorder_resolve(ctx, nat->sreg_proto_min,
+ NFTNL_BYTEORDER_NETWORK);
+ if (e->flags & (1 << NFTNL_EXPR_NAT_REG_PROTO_MAX))
+ nftnl_reg_byteorder_resolve(ctx, nat->sreg_proto_max,
+ NFTNL_BYTEORDER_NETWORK);
+
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+}
+
static int
nftnl_expr_nat_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -274,5 +295,6 @@ struct expr_ops expr_ops_nat = {
.get = nftnl_expr_nat_get,
.parse = nftnl_expr_nat_parse,
.build = nftnl_expr_nat_build,
+ .byteorder = nftnl_expr_nat_byteorder,
.snprintf = nftnl_expr_nat_snprintf,
};
diff --git a/src/expr/numgen.c b/src/expr/numgen.c
index 159dfeca3618b..dfbeeaf1b172a 100644
--- a/src/expr/numgen.c
+++ b/src/expr/numgen.c
@@ -142,6 +142,17 @@ nftnl_expr_ng_parse(struct nftnl_expr *e, struct nlattr *attr)
return ret;
}
+static void
+nftnl_expr_ng_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_ng *ng = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+
+ if (e->flags & (1 << NFTNL_EXPR_NG_DREG))
+ nftnl_reg_byteorder_set(ctx, ng->dreg, e->byteorder);
+}
+
static int
nftnl_expr_ng_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -180,5 +191,6 @@ struct expr_ops expr_ops_ng = {
.get = nftnl_expr_ng_get,
.parse = nftnl_expr_ng_parse,
.build = nftnl_expr_ng_build,
+ .byteorder = nftnl_expr_ng_byteorder,
.snprintf = nftnl_expr_ng_snprintf,
};
diff --git a/src/expr/osf.c b/src/expr/osf.c
index 215a681a97aae..b2e4294877c05 100644
--- a/src/expr/osf.c
+++ b/src/expr/osf.c
@@ -124,6 +124,17 @@ nftnl_expr_osf_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static void
+nftnl_expr_osf_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_osf *osf = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+
+ if (e->flags & (1 << NFTNL_EXPR_OSF_DREG))
+ nftnl_reg_byteorder_set(ctx, osf->dreg, e->byteorder);
+}
+
static int
nftnl_expr_osf_snprintf(char *buf, size_t len,
uint32_t flags, const struct nftnl_expr *e)
@@ -147,5 +158,6 @@ struct expr_ops expr_ops_osf = {
.get = nftnl_expr_osf_get,
.parse = nftnl_expr_osf_parse,
.build = nftnl_expr_osf_build,
+ .byteorder = nftnl_expr_osf_byteorder,
.snprintf = nftnl_expr_osf_snprintf,
};
diff --git a/src/expr/payload.c b/src/expr/payload.c
index 82747ec8994f7..84764e837a965 100644
--- a/src/expr/payload.c
+++ b/src/expr/payload.c
@@ -232,6 +232,19 @@ static inline int nftnl_str2base(const char *base)
}
}
+static void
+nftnl_expr_payload_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_payload *payload = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+
+ if (payload->sreg)
+ nftnl_reg_byteorder_resolve(ctx, payload->sreg, e->byteorder);
+ else
+ nftnl_reg_byteorder_set(ctx, payload->dreg, e->byteorder);
+}
+
static int
nftnl_expr_payload_snprintf(char *buf, size_t len,
uint32_t flags, const struct nftnl_expr *e)
@@ -259,5 +272,6 @@ struct expr_ops expr_ops_payload = {
.get = nftnl_expr_payload_get,
.parse = nftnl_expr_payload_parse,
.build = nftnl_expr_payload_build,
+ .byteorder = nftnl_expr_payload_byteorder,
.snprintf = nftnl_expr_payload_snprintf,
};
diff --git a/src/expr/queue.c b/src/expr/queue.c
index 8f70977f7de85..1a65c8ad6484a 100644
--- a/src/expr/queue.c
+++ b/src/expr/queue.c
@@ -143,6 +143,17 @@ nftnl_expr_queue_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static void
+nftnl_expr_queue_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_queue *queue = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+
+ if (e->flags & (1 << NFTNL_EXPR_QUEUE_SREG_QNUM))
+ nftnl_reg_byteorder_resolve(ctx, queue->sreg_qnum, e->byteorder);
+}
+
static int
nftnl_expr_queue_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -193,5 +204,6 @@ struct expr_ops expr_ops_queue = {
.get = nftnl_expr_queue_get,
.parse = nftnl_expr_queue_parse,
.build = nftnl_expr_queue_build,
+ .byteorder = nftnl_expr_queue_byteorder,
.snprintf = nftnl_expr_queue_snprintf,
};
diff --git a/src/expr/range.c b/src/expr/range.c
index f76843a8afd0c..ab4e2e70d8d01 100644
--- a/src/expr/range.c
+++ b/src/expr/range.c
@@ -184,6 +184,12 @@ static inline int nftnl_str2range(const char *op)
}
}
+static void nftnl_expr_range_byteorder(struct nftnl_byteorder_ctx *ctx,
+ struct nftnl_expr *e)
+{
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+}
+
static int nftnl_expr_range_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
{
@@ -195,11 +201,11 @@ static int nftnl_expr_range_snprintf(char *buf, size_t remain,
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &range->data_from,
- 0, DATA_VALUE);
+ 0, DATA_VALUE, e->byteorder);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &range->data_to,
- 0, DATA_VALUE);
+ 0, DATA_VALUE, e->byteorder);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
return offset;
@@ -213,5 +219,6 @@ struct expr_ops expr_ops_range = {
.get = nftnl_expr_range_get,
.parse = nftnl_expr_range_parse,
.build = nftnl_expr_range_build,
+ .byteorder = nftnl_expr_range_byteorder,
.snprintf = nftnl_expr_range_snprintf,
};
diff --git a/src/expr/redir.c b/src/expr/redir.c
index 4f56cb4302b30..3c1ebc13909e5 100644
--- a/src/expr/redir.c
+++ b/src/expr/redir.c
@@ -131,6 +131,21 @@ nftnl_expr_redir_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static void
+nftnl_expr_redir_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_redir *redir = nftnl_expr_data(e);
+
+ if (e->flags & (1 << NFTNL_EXPR_REDIR_REG_PROTO_MIN))
+ nftnl_reg_byteorder_resolve(ctx, redir->sreg_proto_min,
+ NFTNL_BYTEORDER_NETWORK);
+ if (e->flags & (1 << NFTNL_EXPR_REDIR_REG_PROTO_MAX))
+ nftnl_reg_byteorder_resolve(ctx, redir->sreg_proto_max,
+ NFTNL_BYTEORDER_NETWORK);
+
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+}
+
static int
nftnl_expr_redir_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -167,5 +182,6 @@ struct expr_ops expr_ops_redir = {
.get = nftnl_expr_redir_get,
.parse = nftnl_expr_redir_parse,
.build = nftnl_expr_redir_build,
+ .byteorder = nftnl_expr_redir_byteorder,
.snprintf = nftnl_expr_redir_snprintf,
};
diff --git a/src/expr/rt.c b/src/expr/rt.c
index 1ad9b2ad4043f..bd8b2a91948ee 100644
--- a/src/expr/rt.c
+++ b/src/expr/rt.c
@@ -112,6 +112,24 @@ nftnl_expr_rt_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static void nftnl_expr_rt_byteorder(struct nftnl_byteorder_ctx *ctx,
+ struct nftnl_expr *e)
+{
+ struct nftnl_expr_rt *rt = nftnl_expr_data(e);
+
+ switch (rt->key) {
+ case NFT_RT_NEXTHOP4:
+ case NFT_RT_NEXTHOP6:
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+ break;
+ default:
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+ }
+
+ if (e->flags & (1 << NFTNL_EXPR_RT_DREG))
+ nftnl_reg_byteorder_set(ctx, rt->dreg, e->byteorder);
+}
+
static const char *rt_key2str_array[NFT_RT_MAX + 1] = {
[NFT_RT_CLASSID] = "classid",
[NFT_RT_NEXTHOP4] = "nexthop4",
@@ -162,5 +180,6 @@ struct expr_ops expr_ops_rt = {
.get = nftnl_expr_rt_get,
.parse = nftnl_expr_rt_parse,
.build = nftnl_expr_rt_build,
+ .byteorder = nftnl_expr_rt_byteorder,
.snprintf = nftnl_expr_rt_snprintf,
};
diff --git a/src/expr/socket.c b/src/expr/socket.c
index 02d86f8ac57c0..dae9ea22bd24f 100644
--- a/src/expr/socket.c
+++ b/src/expr/socket.c
@@ -126,6 +126,17 @@ nftnl_expr_socket_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static void
+nftnl_expr_socket_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_socket *socket = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+
+ if (e->flags & (1 << NFTNL_EXPR_SOCKET_DREG))
+ nftnl_reg_byteorder_set(ctx, socket->dreg, e->byteorder);
+}
+
static const char *socket_key2str_array[NFT_SOCKET_MAX + 1] = {
[NFT_SOCKET_TRANSPARENT] = "transparent",
[NFT_SOCKET_MARK] = "mark",
@@ -165,5 +176,6 @@ struct expr_ops expr_ops_socket = {
.get = nftnl_expr_socket_get,
.parse = nftnl_expr_socket_parse,
.build = nftnl_expr_socket_build,
+ .byteorder = nftnl_expr_socket_byteorder,
.snprintf = nftnl_expr_socket_snprintf,
};
diff --git a/src/expr/tproxy.c b/src/expr/tproxy.c
index d3ee8f89b6db3..ef3e20569c1cf 100644
--- a/src/expr/tproxy.c
+++ b/src/expr/tproxy.c
@@ -134,6 +134,19 @@ nftnl_expr_tproxy_build(struct nlmsghdr *nlh, const struct nftnl_expr *e)
htonl(tproxy->sreg_port));
}
+static void nftnl_expr_tproxy_byteorder(struct nftnl_byteorder_ctx *ctx,
+ struct nftnl_expr *e)
+{
+ struct nftnl_expr_tproxy *t = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+
+ if (e->flags & (1 << NFTNL_EXPR_TPROXY_REG_ADDR))
+ nftnl_reg_byteorder_resolve(ctx, t->sreg_addr, e->byteorder);
+ if (e->flags & (1 << NFTNL_EXPR_TPROXY_REG_PORT))
+ nftnl_reg_byteorder_resolve(ctx, t->sreg_port, e->byteorder);
+}
+
static int
nftnl_expr_tproxy_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -170,5 +183,6 @@ struct expr_ops expr_ops_tproxy = {
.get = nftnl_expr_tproxy_get,
.parse = nftnl_expr_tproxy_parse,
.build = nftnl_expr_tproxy_build,
+ .byteorder = nftnl_expr_tproxy_byteorder,
.snprintf = nftnl_expr_tproxy_snprintf,
};
diff --git a/src/expr/tunnel.c b/src/expr/tunnel.c
index 1460fd26b0fbc..94a6c9bb4add2 100644
--- a/src/expr/tunnel.c
+++ b/src/expr/tunnel.c
@@ -111,6 +111,17 @@ nftnl_expr_tunnel_parse(struct nftnl_expr *e, struct nlattr *attr)
return 0;
}
+static void
+nftnl_expr_tunnel_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_tunnel *tunnel = nftnl_expr_data(e);
+
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+
+ if (e->flags & (1 << NFTNL_EXPR_TUNNEL_DREG))
+ nftnl_reg_byteorder_set(ctx, tunnel->dreg, e->byteorder);
+}
+
static const char *tunnel_key2str_array[NFT_TUNNEL_MAX + 1] = {
[NFT_TUNNEL_PATH] = "path",
[NFT_TUNNEL_ID] = "id",
@@ -145,5 +156,6 @@ struct expr_ops expr_ops_tunnel = {
.get = nftnl_expr_tunnel_get,
.parse = nftnl_expr_tunnel_parse,
.build = nftnl_expr_tunnel_build,
+ .byteorder = nftnl_expr_tunnel_byteorder,
.snprintf = nftnl_expr_tunnel_snprintf,
};
diff --git a/src/expr/xfrm.c b/src/expr/xfrm.c
index c81d14d638dcd..3134b076f042e 100644
--- a/src/expr/xfrm.c
+++ b/src/expr/xfrm.c
@@ -171,6 +171,23 @@ static const char *xfrmdir2str(uint8_t dir)
return xfrmdir2str_array[dir];
}
+static void
+nftnl_expr_xfrm_byteorder(struct nftnl_byteorder_ctx *ctx, struct nftnl_expr *e)
+{
+ struct nftnl_expr_xfrm *x = nftnl_expr_data(e);
+
+ switch (x->key) {
+ case NFT_XFRM_KEY_REQID:
+ e->byteorder = NFTNL_BYTEORDER_HOST;
+ break;
+ default:
+ e->byteorder = NFTNL_BYTEORDER_NETWORK;
+ }
+
+ if (e->flags & (1 << NFTNL_EXPR_XFRM_DREG))
+ nftnl_reg_byteorder_set(ctx, x->dreg, e->byteorder);
+}
+
static int
nftnl_expr_xfrm_snprintf(char *buf, size_t remain,
uint32_t flags, const struct nftnl_expr *e)
@@ -196,5 +213,6 @@ struct expr_ops expr_ops_xfrm = {
.get = nftnl_expr_xfrm_get,
.parse = nftnl_expr_xfrm_parse,
.build = nftnl_expr_xfrm_build,
+ .byteorder = nftnl_expr_xfrm_byteorder,
.snprintf = nftnl_expr_xfrm_snprintf,
};
diff --git a/src/rule.c b/src/rule.c
index 0bb1c2a0583c1..9f1caa6feb57e 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -549,6 +549,7 @@ static int nftnl_rule_snprintf_default(char *buf, size_t remain,
const struct nftnl_rule *r,
uint32_t type, uint32_t flags)
{
+ struct nftnl_byteorder_ctx ctx = {};
struct nftnl_expr *expr;
int ret, offset = 0, i;
const char *sep = "";
@@ -603,6 +604,12 @@ static int nftnl_rule_snprintf_default(char *buf, size_t remain,
ret = snprintf(buf + offset, remain, "\n");
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
+ list_for_each_entry(expr, &r->expr_list, head) {
+ if (!expr->ops->byteorder)
+ continue;
+ expr->ops->byteorder(&ctx, expr);
+ }
+
list_for_each_entry(expr, &r->expr_list, head) {
ret = snprintf(buf + offset, remain, " [ %s ", expr->ops->name);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
diff --git a/src/set_elem.c b/src/set_elem.c
index 12eadce1f8e0c..9b18f4def6c47 100644
--- a/src/set_elem.c
+++ b/src/set_elem.c
@@ -708,7 +708,8 @@ int nftnl_set_elem_snprintf_default(char *buf, size_t remain,
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &e->key,
- DATA_F_NOPFX, DATA_VALUE);
+ DATA_F_NOPFX, DATA_VALUE,
+ NFTNL_BYTEORDER_UNKNOWN);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
if (e->flags & (1 << NFTNL_SET_ELEM_KEY_END)) {
@@ -716,7 +717,8 @@ int nftnl_set_elem_snprintf_default(char *buf, size_t remain,
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = nftnl_data_reg_snprintf(buf + offset, remain, &e->key_end,
- DATA_F_NOPFX, DATA_VALUE);
+ DATA_F_NOPFX, DATA_VALUE,
+ NFTNL_BYTEORDER_UNKNOWN);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
}
@@ -727,7 +729,8 @@ int nftnl_set_elem_snprintf_default(char *buf, size_t remain,
dregtype = DATA_VERDICT;
ret = nftnl_data_reg_snprintf(buf + offset, remain, &e->data,
- DATA_F_NOPFX, dregtype);
+ DATA_F_NOPFX, dregtype,
+ NFTNL_BYTEORDER_UNKNOWN);
SNPRINTF_BUFFER_SIZE(ret, remain, offset);
ret = snprintf(buf + offset, remain, "%u [end]", e->set_elem_flags);
--
2.33.0
next prev parent reply other threads:[~2021-11-24 17:23 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-24 17:22 [libnftnl PATCH 0/7] Stabilize debug output on different endian systems Phil Sutter
2021-11-24 17:22 ` Phil Sutter [this message]
2021-12-12 17:12 ` [libnftnl PATCH v2 1/7] src: add infrastructure to infer byteorder from keys Jeremy Sowden
2021-11-24 17:22 ` [libnftnl PATCH 2/7] set: Introduce NFTNL_SET_DESC_BYTEORDER Phil Sutter
2021-11-24 17:22 ` [libnftnl PATCH 3/7] set: Introduce NFTNL_SET_DESC_CONCAT_DATA Phil Sutter
2021-11-30 13:46 ` Pablo Neira Ayuso
2021-11-30 17:45 ` Phil Sutter
2022-01-05 16:17 ` Pablo Neira Ayuso
2022-01-06 13:10 ` Phil Sutter
2022-01-20 0:08 ` Pablo Neira Ayuso
2021-11-24 17:22 ` [libnftnl PATCH 4/7] data_reg: Support varying byteorder in concat data Phil Sutter
2021-11-24 17:22 ` [libnftnl PATCH 5/7] data_reg: Respect each value's size Phil Sutter
2021-11-24 17:22 ` [libnftnl PATCH 6/7] include: Introduce and publish struct nftnl_set_desc Phil Sutter
2021-11-24 17:22 ` [libnftnl PATCH 7/7] set: Introduce nftnl_set_elem_snprintf_desc() Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211124172242.11402-2-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).