diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-17 11:10:06 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-11-17 11:10:06 +0100 |
| commit | a5c4a5365e141dce83343233c83f4e7facb02ceb (patch) | |
| tree | 7df93624442be713c8d52778f4450209b467a13c | |
| parent | 54b65608f59b5c979cb912b4f774bb1767764e45 (diff) | |
parser_json: add raw payload inner header match support
Add missing "ih" base raw payload and extend tests/py to cover this new
usecase.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/parser_json.c | 2 | ||||
| -rw-r--r-- | tests/py/any/rawpayload.t | 2 | ||||
| -rw-r--r-- | tests/py/any/rawpayload.t.json | 17 | ||||
| -rw-r--r-- | tests/py/any/rawpayload.t.payload | 6 |
4 files changed, 27 insertions, 0 deletions
diff --git a/src/parser_json.c b/src/parser_json.c index 3cd21175..7a2d30ff 100644 --- a/src/parser_json.c +++ b/src/parser_json.c @@ -558,6 +558,8 @@ static struct expr *json_parse_payload_expr(struct json_ctx *ctx, val = PROTO_BASE_NETWORK_HDR; } else if (!strcmp(base, "th")) { val = PROTO_BASE_TRANSPORT_HDR; + } else if (!strcmp(base, "ih")) { + val = PROTO_BASE_INNER_HDR; } else { json_error(ctx, "Invalid payload base '%s'.", base); return NULL; diff --git a/tests/py/any/rawpayload.t b/tests/py/any/rawpayload.t index 9fe377e2..128e8088 100644 --- a/tests/py/any/rawpayload.t +++ b/tests/py/any/rawpayload.t @@ -18,3 +18,5 @@ meta l4proto tcp @th,16,16 { 22, 23, 80};ok;tcp dport { 22, 23, 80} @ll,0,1 1;ok;@ll,0,8 & 0x80 == 0x80 @ll,0,8 & 0x80 == 0x80;ok @ll,0,128 0xfedcba987654321001234567890abcde;ok + +@ih,32,32 0x14000000;ok diff --git a/tests/py/any/rawpayload.t.json b/tests/py/any/rawpayload.t.json index 9481d9bf..b5115e0d 100644 --- a/tests/py/any/rawpayload.t.json +++ b/tests/py/any/rawpayload.t.json @@ -156,3 +156,20 @@ } ] +# @ih,32,32 0x14000000 +[ + { + "match": { + "left": { + "payload": { + "base": "ih", + "len": 32, + "offset": 32 + } + }, + "op": "==", + "right": 335544320 + } + } +] + diff --git a/tests/py/any/rawpayload.t.payload b/tests/py/any/rawpayload.t.payload index d2b38183..61c41cb9 100644 --- a/tests/py/any/rawpayload.t.payload +++ b/tests/py/any/rawpayload.t.payload @@ -47,3 +47,9 @@ inet test-inet input inet test-inet input [ payload load 16b @ link header + 0 => reg 1 ] [ cmp eq reg 1 0x98badcfe 0x10325476 0x67452301 0xdebc0a89 ] + +# @ih,32,32 0x14000000 +inet test-inet input + [ payload load 4b @ inner header + 4 => reg 1 ] + [ cmp eq reg 1 0x00000014 ] + |