From patchwork Sat Sep 29 10:15:17 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: "Fernando F. Mancera" X-Patchwork-Id: 976566 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=riseup.net Authentication-Results: ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=riseup.net header.i=@riseup.net header.b="Xk4njBz4"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 42MkvV47rnz9s7T for ; Sat, 29 Sep 2018 20:15:34 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727802AbeI2QnV (ORCPT ); Sat, 29 Sep 2018 12:43:21 -0400 Received: from mx1.riseup.net ([198.252.153.129]:33428 "EHLO mx1.riseup.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727785AbeI2QnV (ORCPT ); Sat, 29 Sep 2018 12:43:21 -0400 Received: from piha.riseup.net (piha-pn.riseup.net [10.0.1.163]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (Client CN "*.riseup.net", Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK)) by mx1.riseup.net (Postfix) with ESMTPS id A906D1A0202 for ; Sat, 29 Sep 2018 03:15:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1538216129; bh=xsmnHeHJklRq2zm5k8s3/G/+jnAcomWSVoWA6qYvmIs=; h=From:To:Cc:Subject:Date:From; b=Xk4njBz420nqs+h/j6d8pZojaDOt/+glG/JSxZ8oRjNKAFb5ML/u6VxubsKpKaMmS KDYx0R8G7Fk7KlTZQduaVptkqxC2L3gqMXpdFfBrml3b0RxAGdpJb2jV7q4W7823U7 8g/C1+0jkla1mSj1EJH6ATzQln/t0Bc4RCy5jycg= X-Riseup-User-ID: D9C7C73B36BF74C914698EC26EC71CA5566C42F84FDC3BAD3C0D3C4AE9F9355B Received: from [127.0.0.1] (localhost [127.0.0.1]) by piha.riseup.net with ESMTPSA id A2B965026F; Sat, 29 Sep 2018 03:15:28 -0700 (PDT) From: Fernando Fernandez Mancera To: netfilter-devel@vger.kernel.org Cc: Fernando Fernandez Mancera Subject: [PATCH 1/2 nft v2] src: osf: add ttl option support Date: Sat, 29 Sep 2018 12:15:17 +0200 Message-Id: <20180929101518.843-1-ffmancera@riseup.net> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Add support for ttl option in "osf" expression. Example: table ip foo { chain bar { type filter hook input priority filter; policy accept; osf ttl nocheck name "Linux" } } Signed-off-by: Fernando Fernandez Mancera --- v1: initial patch v2: use "ttl-global" or "ttl-nocheck" instead of "1" or "2" --- include/expression.h | 4 ++++ include/linux/netfilter/nf_tables.h | 2 ++ include/osf.h | 2 +- src/netlink_delinearize.c | 5 ++++- src/netlink_linearize.c | 1 + src/osf.c | 26 ++++++++++++++++++++++++-- src/parser_bison.y | 17 +++++++++++++++-- 7 files changed, 51 insertions(+), 6 deletions(-) diff --git a/include/expression.h b/include/expression.h index fb52abf..a794128 100644 --- a/include/expression.h +++ b/include/expression.h @@ -345,6 +345,10 @@ struct expr { uint8_t direction; uint8_t spnum; } xfrm; + struct { + /* EXPR_OSF */ + uint8_t ttl; + } osf; }; }; diff --git a/include/linux/netfilter/nf_tables.h b/include/linux/netfilter/nf_tables.h index 169c2ab..1003942 100644 --- a/include/linux/netfilter/nf_tables.h +++ b/include/linux/netfilter/nf_tables.h @@ -939,10 +939,12 @@ enum nft_socket_keys { * enum nft_osf_attributes - nf_tables osf expression netlink attributes * * @NFTA_OSF_DREG: destination register (NLA_U32: nft_registers) + * @NFTA_OSF_TTL: Value of the TTL osf option (NLA_U8) */ enum nft_osf_attributes { NFTA_OSF_UNSPEC, NFTA_OSF_DREG, + NFTA_OSF_TTL, __NFTA_OSF_MAX }; #define NFT_OSF_MAX (__NFTA_OSF_MAX - 1) diff --git a/include/osf.h b/include/osf.h index 54cdd4a..23ea34d 100644 --- a/include/osf.h +++ b/include/osf.h @@ -1,7 +1,7 @@ #ifndef NFTABLES_OSF_H #define NFTABLES_OSF_H -struct expr *osf_expr_alloc(const struct location *loc); +struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl); extern int nfnl_osf_load_fingerprints(struct netlink_ctx *ctx, int del); diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 0a6ebe0..d474893 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -655,8 +655,11 @@ static void netlink_parse_osf(struct netlink_parse_ctx *ctx, { enum nft_registers dreg; struct expr *expr; + uint8_t ttl; + + ttl = nftnl_expr_get_u8(nle, NFTNL_EXPR_OSF_TTL); + expr = osf_expr_alloc(loc, ttl); - expr = osf_expr_alloc(loc); dreg = netlink_parse_register(nle, NFTNL_EXPR_OSF_DREG); netlink_set_register(ctx, dreg, expr); } diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 0ac51bd..0c8f5fe 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -227,6 +227,7 @@ static void netlink_gen_osf(struct netlink_linearize_ctx *ctx, nle = alloc_nft_expr("osf"); netlink_put_register(nle, NFTNL_EXPR_OSF_DREG, dreg); + nftnl_expr_set_u8(nle, NFTNL_EXPR_OSF_TTL, expr->osf.ttl); nftnl_rule_add_expr(ctx->nlr, nle); } diff --git a/src/osf.c b/src/osf.c index 85c9573..c7dd25f 100644 --- a/src/osf.c +++ b/src/osf.c @@ -5,13 +5,32 @@ #include #include +static const char *osf_ttl_int_to_str(const uint8_t ttl) +{ + if (ttl == 1) + return "ttl global"; + else if (ttl == 2) + return "ttl nocheck"; + + return ""; +} + static void osf_expr_print(const struct expr *expr, struct output_ctx *octx) { - nft_print(octx, "osf name"); + const char *ttl_str; + + ttl_str = osf_ttl_int_to_str(expr->osf.ttl); + nft_print(octx, "osf %s name", ttl_str); } static void osf_expr_clone(struct expr *new, const struct expr *expr) { + new->osf.ttl = expr->osf.ttl; +} + +static bool osf_expr_cmp(const struct expr *e1, const struct expr *e2) +{ + return e1->osf.ttl == e2->osf.ttl; } static const struct expr_ops osf_expr_ops = { @@ -19,10 +38,11 @@ static const struct expr_ops osf_expr_ops = { .name = "osf", .print = osf_expr_print, .clone = osf_expr_clone, + .cmp = osf_expr_cmp, .json = osf_expr_json, }; -struct expr *osf_expr_alloc(const struct location *loc) +struct expr *osf_expr_alloc(const struct location *loc, const uint8_t ttl) { unsigned int len = NFT_OSF_MAXGENRELEN * BITS_PER_BYTE; const struct datatype *type = &string_type; @@ -31,5 +51,7 @@ struct expr *osf_expr_alloc(const struct location *loc) expr = expr_alloc(loc, &osf_expr_ops, type, BYTEORDER_HOST_ENDIAN, len); + expr->osf.ttl = ttl; + return expr; } diff --git a/src/parser_bison.y b/src/parser_bison.y index 831090b..a7ec858 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -739,6 +739,7 @@ int nft_lex(void *, void *, void *); %type fib_tuple fib_result fib_flag %type osf_expr +%type osf_ttl %destructor { expr_free($$); } osf_expr %type markup_format @@ -3112,9 +3113,21 @@ fib_tuple : fib_flag DOT fib_tuple | fib_flag ; -osf_expr : OSF NAME +osf_expr : OSF osf_ttl NAME { - $$ = osf_expr_alloc(&@$); + $$ = osf_expr_alloc(&@$, $2); + } + ; + +osf_ttl : /* empty */ { $$ = 0; } + | STRING + { + if (!strcmp($1, "ttl-global")) + $$ = 1; + else if (!strcmp($1, "ttl-nocheck")) + $$ = 2; + else + $$ = 3; } ;