From patchwork Mon Aug 4 16:00:10 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alvaro Neira X-Patchwork-Id: 376359 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 41A6914008B for ; Tue, 5 Aug 2014 02:01:08 +1000 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751253AbaHDQBF (ORCPT ); Mon, 4 Aug 2014 12:01:05 -0400 Received: from mail-wg0-f44.google.com ([74.125.82.44]:41118 "EHLO mail-wg0-f44.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752681AbaHDQBD (ORCPT ); Mon, 4 Aug 2014 12:01:03 -0400 Received: by mail-wg0-f44.google.com with SMTP id m15so7857477wgh.27 for ; Mon, 04 Aug 2014 09:00:58 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=jaGvylkFj/DaR9XSgKBzVz0qLLYUS5zeOp0creblntA=; b=AtgjxXOKdCn/X+7HUdt1Vx42ATOmKGBeiIYVvhzoWyKSzrg69/FktqsywJ5hvRmqKq IGAIqJYGMoXmMgdwwl10A52IQSgA2c8v4xuqhj0FdP3pmG7qhAnWCe5QDRJdnzQSh1QV DGYYX2Qwj7NnEyrGiBWVjV3dQAWLVvI9MQli+T4mnPXbG4m+dVN45qXJiMFyM9f3CyzF k7NbaX6qvJMBdilbk5qywMWm8f5zBnr5kBBGzJSnlUeg6XDPsn0nLLX7l9RPO7DY1weg 4szD0JCYpkzjKEaZhLK0NOJxnWqxpoC5F5sr5W+0AxC9GbGEUHrOu0//s+8BOW/l+Jc9 ZDhg== X-Received: by 10.180.81.234 with SMTP id d10mr31269443wiy.79.1407168057988; Mon, 04 Aug 2014 09:00:57 -0700 (PDT) Received: from localhost.localdomain (81.60.42.0.dyn.user.ono.com. [81.60.42.0]) by mx.google.com with ESMTPSA id gq4sm42085557wib.8.2014.08.04.09.00.55 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 04 Aug 2014 09:00:57 -0700 (PDT) From: Alvaro Neira Ayuso To: netfilter-devel@vger.kernel.org Cc: kaber@trash.net Subject: [nft PATCH 4/5 v2] src: fix byteorder conversions in range values Date: Mon, 4 Aug 2014 18:00:10 +0200 Message-Id: <1407168011-6424-5-git-send-email-alvaroneay@gmail.com> X-Mailer: git-send-email 1.7.10.4 In-Reply-To: <1407168011-6424-1-git-send-email-alvaroneay@gmail.com> References: <1407168011-6424-1-git-send-email-alvaroneay@gmail.com> Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Currently when we try to use range values in nft rules doesn't work correctly. Usually this problem is related to incorrect byteorder conversion. I make the following solution for showing the range in the correct byteorder. Example: * nft add rule filter input tcp checksum 22-55 * nft list table filter tcp checksum >= 5632 tcp checksum <= 14080 And now, if we show it: * nft add rule filter input tcp checksum 22-55 * nft list table filter tcp checksum >= 22 tcp checksum <= 55 Signed-off-by: Alvaro Neira Ayuso --- [changes in v2] * Changed the solution for big endian and host endian cases. src/netlink_delinearize.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 1035e32..af18dcc 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -627,6 +627,17 @@ static void payload_dependency_store(struct rule_pp_ctx *ctx, ctx->pdep = stmt; } +static void payload_elem_postprocess(struct expr *expr) +{ + switch (expr->ops->type) { + case EXPR_VALUE: + expr_switch_byteorder(expr); + break; + default: + break; + } +} + static void payload_match_postprocess(struct rule_pp_ctx *ctx, struct stmt *stmt, struct expr *expr) { @@ -677,6 +688,14 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx, payload_expr_complete(left, &ctx->pctx); expr_set_type(expr->right, expr->left->dtype, expr->left->byteorder); + + /* If we have rules that we have used payload with ranges or set + * we must to convert it to host endian for representing it + * correctly + */ + if (left->dtype->byteorder == BYTEORDER_BIG_ENDIAN) + payload_elem_postprocess(expr->right); + payload_dependency_kill(ctx, expr->left); break; }