summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPhil Sutter <phil@nwl.cc>2019-08-20 22:09:04 +0200
committerPhil Sutter <phil@nwl.cc>2019-11-25 23:31:08 +0100
commitb34bfe69c670d648cfc3d0c00ef1567894894df5 (patch)
tree75bfa829f63f96ecdf91021d03bd454c89fe77ca
parente104dcc80d54001a6a739a0a60f4a60a9f654d79 (diff)
nft: Bore up nft_parse_payload()
Allow for closer inspection by storing payload expression's base and length values. Also facilitate for two consecutive payload expressions as LHS of a (cmp/lookup) statement as used with concatenations. Signed-off-by: Phil Sutter <phil@nwl.cc> Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--iptables/nft-shared.c8
-rw-r--r--iptables/nft-shared.h4
2 files changed, 11 insertions, 1 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 80d4e1fc..a67302ee 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -445,8 +445,16 @@ static void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
static void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
{
+ if (ctx->flags & NFT_XT_CTX_PAYLOAD) {
+ memcpy(&ctx->prev_payload, &ctx->payload,
+ sizeof(ctx->prev_payload));
+ ctx->flags |= NFT_XT_CTX_PREV_PAYLOAD;
+ }
+
ctx->reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG);
+ ctx->payload.base = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_BASE);
ctx->payload.offset = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET);
+ ctx->payload.len = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_LEN);
ctx->flags |= NFT_XT_CTX_PAYLOAD;
}
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index e79323c8..4dc44b84 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -43,6 +43,7 @@ enum {
NFT_XT_CTX_META = (1 << 1),
NFT_XT_CTX_BITWISE = (1 << 2),
NFT_XT_CTX_IMMEDIATE = (1 << 3),
+ NFT_XT_CTX_PREV_PAYLOAD = (1 << 4),
};
struct nft_xt_ctx {
@@ -53,9 +54,10 @@ struct nft_xt_ctx {
uint32_t reg;
struct {
+ uint32_t base;
uint32_t offset;
uint32_t len;
- } payload;
+ } payload, prev_payload;
struct {
uint32_t key;
} meta;