authorPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 01:03:19 +0100
committerPablo Neira Ayuso <pablo@netfilter.org>2008-11-25 01:03:19 +0100
commit20506e55b12ba22b761a1ad84dc8a47ce8c82f2e (patch)
treea23824017b20e4161e6310fefdfd0a20503fca99 /include/internal
parent972e6b3c19f3c79b59804308efac447bd2d016ec (diff)
bsf: major rework of the BSF generation code
This patch reworks the BSF automatic generation code. This feature needs more love and it has several limitations, for example the maximum number of IPs is 127 due to BSF code restrictions. See this patch as a first step forward. This patch also adds the stack data type, which is used to resolve jumps dynamically instead of the previous static approach. This patch also includes fixes to the limitations; the previous calculations were wrong. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/internal')
-rw-r--r--include/internal/object.h14
-rw-r--r--include/internal/stack.h11
2 files changed, 21 insertions, 4 deletions
diff --git a/include/internal/object.h b/include/internal/object.h
index 8213f4a..53f942d 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -171,9 +171,13 @@ struct nfct_filter {
enum nfct_filter_logic logic[NFCT_FILTER_MAX];
/*
- * This the layer 4 protocol map for filtering.
+ * This the layer 4 protocol map for filtering. Not more than
+ * 255 protocols (maximum is IPPROTO_MAX which is 256). Actually,
+ * I doubt that anyone can reach such a limit.
*/
+#define __FILTER_L4PROTO_MAX 255
u_int32_t l4proto_map[IPPROTO_MAX/32];
+ u_int32_t l4proto_len;
struct {
/*
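Review bot: `l4proto_len` is added next to `__FILTER_L4PROTO_MAX` without a comment saying what it counts or where the limit is enforced, and the same holds for the `len` field added to `l4proto_state` in the next hunk. The bitmap `l4proto_map[IPPROTO_MAX/32]` has room for 256 bits, one more than the stated maximum of 255, so the limit can only be enforced by the code that sets a bit, and that code is outside this header. I would add `/* number of bits set in l4proto_map, must not exceed __FILTER_L4PROTO_MAX */` above the field, assuming that is what it counts. `struct nfct_filter` begins and ends outside the hunk.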
@@ -183,19 +187,21 @@ struct nfct_filter {
*/
#define __FILTER_PROTO_MAX 16
u_int16_t map;
+ u_int16_t len;
} l4proto_state[IPPROTO_MAX];
#define __FILTER_ADDR_SRC 0
#define __FILTER_ADDR_DST 1
/*
- * FIXME: For IPv4 filtering, up to 256 IPs or masks by now.
+ * FIXME: For IPv4 filtering, up to 127 IPs by now.
* This limitation is related to the existing autogenerated BSF code
- * and the fact that the maximum jump offset if 2^8 = 256.
+ * (two BSF lines per comparison) and the fact that the maximum
+ * jump offset is 0xff which is 255.
*/
u_int32_t l3proto_elems[2];
struct {
-#define __FILTER_ADDR_MAX 256
+#define __FILTER_ADDR_MAX 127
u_int32_t addr;
u_int32_t mask;
} l3proto[2][__FILTER_ADDR_MAX];
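Review bot: Lowering `__FILTER_ADDR_MAX` from 256 to 127 also shrinks `l3proto[2][__FILTER_ADDR_MAX]`, so every place that stores an address has to compare `l3proto_elems[...]` against the macro and not against a literal 256, otherwise the store lands past the end of the array. That check is not part of this diff, which is limited to include/internal, so it should be confirmed in the code that appends entries. The comment derives 127 from two BSF lines per comparison and a jump offset of at most 0xff; writing the limit as `#define __FILTER_ADDR_MAX (0xff / 2)` would keep that derivation attached to the number. The struct continues outside the hunk.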
diff --git a/include/internal/stack.h b/include/internal/stack.h
new file mode 100644
index 0000000..f57bd15
--- /dev/null
+++ b/include/internal/stack.h
@@ -0,0 +1,11 @@
+#ifndef _STACK_H_
+#define _STACK_H_
+
+struct stack;
+
+struct stack *stack_create(size_t elem_size, int max_elems);
+void stack_destroy(struct stack *s);
+int stack_push(struct stack *s, void *data);
+int stack_pop(struct stack *s, void *data);
+
+#endif
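Review bot: stack.h uses `size_t` in the `stack_create` prototype without including a header that defines it, so it compiles only when the includer has already pulled one in; add `#include <stddef.h>` after the guard. `max_elems` is a signed `int` that is presumably combined with `elem_size` to size the allocation in the implementation, which is not in this diff; `stack_create` should reject `max_elems <= 0` and a product that overflows `size_t`. The prototypes also do not say what `stack_push` and `stack_pop` return on a full or empty stack, or how many bytes `data` must point to (presumably `elem_size`). A short comment above each prototype would cover that, and `stack_push` could take `const void *data` if it only reads from the buffer.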