[nft] evaluate: Detect address family in inet context

Message ID	20180618130555.25615-1-ecklm94@gmail.com
State	Not Applicable
Delegated to:	Pablo Neira
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: =?utf-8?b?TcOhdMOpIEVja2w=?= <ecklm94@gmail.com> To: netfilter-devel@vger.kernel.org Subject: [PATCH nft] evaluate: Detect address family in inet context Date: Mon, 18 Jun 2018 15:05:55 +0200 Message-Id: <20180618130555.25615-1-ecklm94@gmail.com> In-Reply-To: <20180618122506.2ee7aywpi225rxxs@salvia> References: <20180618122506.2ee7aywpi225rxxs@salvia> MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	[nft] evaluate: Detect address family in inet context \| expand [nft] evaluate: Detect address family in inet context

Message ID

20180618130555.25615-1-ecklm94@gmail.com

State

Not Applicable

Delegated to:

Pablo Neira

Headers

From: =?utf-8?b?TcOhdMOpIEVja2w=?= <ecklm94@gmail.com>
To: netfilter-devel@vger.kernel.org
Subject: [PATCH nft] evaluate: Detect address family in inet context
Date: Mon, 18 Jun 2018 15:05:55 +0200
Message-Id: <20180618130555.25615-1-ecklm94@gmail.com>
In-Reply-To: <20180618122506.2ee7aywpi225rxxs@salvia>
References: <20180618122506.2ee7aywpi225rxxs@salvia>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

[nft] evaluate: Detect address family in inet context | expand

Commit Message

Máté Eckl June 18, 2018, 1:05 p.m. UTC

This patch fixes address evaluation in inet context.

Outside of an ip table, the address type before evaluation was set to
ipv6 address by default, which caused error when adding ipv4 address to
an inet table.

Example:
	# nft add rule inet x y tproxy to 1.1.1.1
	Error: Could not resolve hostname: Address family for hostname not supported
	add rule inet x y tproxy to 1.1.1.1
	                            ^^^^^^^
Signed-off-by: Máté Eckl <ecklm94@gmail.com>
---
 src/evaluate.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

Comments

Florian Westphal June 20, 2018, 10:49 a.m. UTC | #1

Máté Eckl <ecklm94@gmail.com> wrote:
> This patch fixes address evaluation in inet context.
> 
> Outside of an ip table, the address type before evaluation was set to
> ipv6 address by default, which caused error when adding ipv4 address to
> an inet table.
> 
> Example:
> 	# nft add rule inet x y tproxy to 1.1.1.1
> 	Error: Could not resolve hostname: Address family for hostname not supported
> 	add rule inet x y tproxy to 1.1.1.1

I see no problem here, so
Acked-by: Florian Westphal <fw@strlen.de>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/src/evaluate.c b/src/evaluate.c
index 9ff2c0b..61b4697 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2431,12 +2431,28 @@  static int evaluate_addr(struct eval_ctx *ctx, struct stmt *stmt,
 	const struct datatype *dtype;
 	unsigned int len;
 
-	if (pctx->family == NFPROTO_IPV4) {
+	switch (pctx->family) {
+	case NFPROTO_IPV4:
 		dtype = &ipaddr_type;
 		len   = 4 * BITS_PER_BYTE;
-	} else {
+		break;
+	case NFPROTO_IPV6:
 		dtype = &ip6addr_type;
 		len   = 16 * BITS_PER_BYTE;
+		break;
+	case NFPROTO_INET:
+		if (strchr((*expr)->identifier, ':')) {
+			dtype = &ip6addr_type;
+			len   = 16 * BITS_PER_BYTE;
+		}
+		else {
+			dtype = &ipaddr_type;
+			len   = 4 * BITS_PER_BYTE;
+		}
+		break;
+	default:
+		return stmt_binary_error(ctx, *expr, stmt,
+					 "Invalid context family for address evaluation");
 	}
 
 	return stmt_evaluate_arg(ctx, stmt, dtype, len, BYTEORDER_BIG_ENDIAN,

[nft] evaluate: Detect address family in inet context

Commit Message

Comments

Patch