[nft,0/5] payload: make raw protocl expressions work

Message ID	20180226144247.12257-1-fw@strlen.de
Headers	show Return-Path: <netfilter-devel-owner@vger.kernel.org> From: Florian Westphal <fw@strlen.de> To: <netfilter-devel@vger.kernel.org> Subject: [PATCH nft 0/5] payload: make raw protocl expressions work Date: Mon, 26 Feb 2018 15:42:42 +0100 Message-Id: <20180226144247.12257-1-fw@strlen.de> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk
Series	payload: make raw protocl expressions work \| expand [nft,0/5] payload: make raw protocl expressions work [nft,1/5] payload: use integer_type when initializing a raw expression [nft,2/5] payload: don't resolve expressions using the inet pseudoheader [nft,3/5] src: make raw payloads work [nft,4/5] doc: document raw protocol expression [nft,5/5] tests: add raw payload test cases.

Message ID

20180226144247.12257-1-fw@strlen.de

Headers

From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Subject: [PATCH nft 0/5] payload: make raw protocl expressions work
Date: Mon, 26 Feb 2018 15:42:42 +0100
Message-Id: <20180226144247.12257-1-fw@strlen.de>
Sender: netfilter-devel-owner@vger.kernel.org
Precedence: bulk

Series

payload: make raw protocl expressions work | expand

Message

Florian Westphal Feb. 26, 2018, 2:42 p.m. UTC

This patch series aims to make raw payload expressions work.

Raw payload expressions use following syntax:

@base,offset,length

which tells nftables user wants to read 'length' bits off 'offset' bits
relative to @base.

base can be either ll,nh, or th.
See patch 4 for documentation update.

This series doesn't add a new syntax, i.e. nft still lacks
type and expects data in big-endian.
nft will NOT insert protocol dependency for a raw payload expression
and inputs like '192.168.0.1' will not be recognized.

I think we should consider adding some 'cast' operation that
would allow so, for example

  @th,16,16 type '"inet_service" ssh'

or something similar to tell nft that "ssh" is a inet_service symbol that
needs conversion to 22.

This would be independent of raw payloads and might also help to do
something like

   mark set type "meta mark" ip6 saddr

i.e. force a conversion of the RHS type (including truncation).

 doc/nft.xml                       |   59 ++++++++++++++++++++++++++++++++++++++
 include/expression.h              |    1 
 src/evaluate.c                    |    3 +
 src/parser_bison.y                |    3 +
 src/payload.c                     |    5 +--
 tests/py/any/rawpayload.t         |   19 ++++++++++++
 tests/py/any/rawpayload.t.payload |   49 +++++++++++++++++++++++++++++++
 tests/py/arp/arp.t                |    2 +
 tests/py/arp/arp.t.payload        |   10 ++++++
 tests/py/arp/arp.t.payload.netdev |   13 ++++++++
 10 files changed, 162 insertions(+), 2 deletions(-)
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html