diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-07-07 23:40:19 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-07-08 00:33:43 +0200 |
commit | 668c18f672038dffa72b67d834445e0fe5ae286d (patch) | |
tree | 844aa1057bae7be23a7f99af45efda96f8bd6f3f /tests | |
parent | 25e7b99cc450490c38becb03d8bddd0199cfd3f9 (diff) |
evaluate: place byteorder conversion before rshift in payload statement
For bitfield that spans more than one byte, such as ip6 dscp, byteorder
conversion needs to be done before rshift. Add unary expression for this
conversion only in the case of meta and ct statements.
Before this patch:
# nft --debug=netlink add rule ip6 x y 'meta mark set ip6 dscp'
ip6 x y
[ payload load 2b @ network header + 0 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
[ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
[ byteorder reg 1 = ntoh(reg 1, 2, 2) ] <--------- incorrect
[ meta set mark with reg 1 ]
After this patch:
# nft --debug=netlink add rule ip6 x y 'meta mark set ip6 dscp'
ip6 x y
[ payload load 2b @ network header + 0 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
[ byteorder reg 1 = ntoh(reg 1, 2, 2) ] <-------- correct
[ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
[ meta set mark with reg 1 ]
For the matching case, binary transfer already deals with the rshift to
adjust left and right hand side of the expression, the unary conversion
is not needed in such case.
Fixes: 8221d86e616b ("tests: py: add test-cases for ct and packet mark payload expressions")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests')
-rw-r--r-- | tests/py/ip6/ct.t.payload | 10 | ||||
-rw-r--r-- | tests/py/ip6/meta.t.payload | 4 |
2 files changed, 7 insertions, 7 deletions
diff --git a/tests/py/ip6/ct.t.payload b/tests/py/ip6/ct.t.payload index 9b85c75a..944208f2 100644 --- a/tests/py/ip6/ct.t.payload +++ b/tests/py/ip6/ct.t.payload @@ -2,8 +2,8 @@ ip6 test-ip6 output [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] - [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] [ ct set mark with reg 1 ] @@ -12,8 +12,8 @@ ip6 test-ip6 output ip6 test-ip6 output [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] - [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] [ ct set mark with reg 1 ] @@ -22,8 +22,8 @@ ip6 test-ip6 output ip6 test-ip6 output [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] - [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 & 0xfffffffb ) ^ 0x00000004 ] [ ct set mark with reg 1 ] @@ -31,8 +31,8 @@ ip6 test-ip6 output ip6 test-ip6 output [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] - [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 & 0x00ffffff ) ^ 0xff000000 ] [ ct set mark with reg 1 ] @@ -40,7 +40,7 @@ ip6 test-ip6 output ip6 test-ip6 output [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] - [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 & 0x0000003c ) ^ 0x00000000 ] [ ct set mark with reg 1 ] diff --git a/tests/py/ip6/meta.t.payload b/tests/py/ip6/meta.t.payload index 379a9c13..6a37f1de 100644 --- a/tests/py/ip6/meta.t.payload +++ b/tests/py/ip6/meta.t.payload @@ -65,8 +65,8 @@ ip6 test-ip6 input ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] - [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 << 0x00000002 ) ] [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] [ meta set mark with reg 1 ] @@ -75,8 +75,8 @@ ip6 test-ip6 input ip6 test-ip6 input [ payload load 2b @ network header + 0 => reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] - [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ bitwise reg 1 = ( reg 1 << 0x0000001a ) ] [ bitwise reg 1 = ( reg 1 & 0xffffffef ) ^ 0x00000010 ] [ meta set mark with reg 1 ] |