bsf: major rework of the BSF generation code

This patch reworks the BSF automatic generation code. This
feature needs more love and it has several limitations like
that the maximum number of IPs are 127 due to BSF code
restrictions. See this patch as a first step forward.

This patch also adds the stack data type, which is used to
resolve jump dynamically instead of the previous static
approach.

This patch also includes fixes in the limitations, previous
calculations were wrong.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 10 insertions, 4 deletions

diff --git a/include/internal/object.h b/include/internal/object.h
index 8213f4a..53f942d 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -171,9 +171,13 @@ struct nfct_filter {
 	enum nfct_filter_logic 	logic[NFCT_FILTER_MAX];
 
 	/*
-	 * This the layer 4 protocol map for filtering.
+	 * This the layer 4 protocol map for filtering. Not more than 
+	 * 255 protocols (maximum is IPPROTO_MAX which is 256). Actually,
+	 * I doubt that anyone can reach such a limit.
 	 */
+#define __FILTER_L4PROTO_MAX	255
 	u_int32_t 		l4proto_map[IPPROTO_MAX/32];
+	u_int32_t		l4proto_len;
 
 	struct {
 	/*
@@ -183,19 +187,21 @@ struct nfct_filter {
 	 */
 #define __FILTER_PROTO_MAX	16
 		u_int16_t 	map;
+		u_int16_t	len;
 	} l4proto_state[IPPROTO_MAX];
 
 #define __FILTER_ADDR_SRC 0
 #define __FILTER_ADDR_DST 1
 
 	/*
-	 * FIXME: For IPv4 filtering, up to 256 IPs or masks by now.
+	 * FIXME: For IPv4 filtering, up to 127 IPs by now.
 	 * This limitation is related to the existing autogenerated BSF code
-	 * and the fact that the maximum jump offset if 2^8 = 256.
+	 * (two BSF lines per comparison) and the fact that the maximum 
+	 * jump offset is 0xff which is 255.
 	 */
 	u_int32_t 		l3proto_elems[2];
 	struct {
-#define __FILTER_ADDR_MAX	256
+#define __FILTER_ADDR_MAX	127
 		u_int32_t 	addr;
 		u_int32_t 	mask;
 	} l3proto[2][__FILTER_ADDR_MAX];