authorPatrick McHardy <kaber@trash.net>2014-01-08 13:02:15 +0000
committerPatrick McHardy <kaber@trash.net>2014-01-08 13:02:15 +0000
commit8f86606efe82489945db1706bd1d1a4d524afcad (patch)
tree5a7b5febee4c8190a067b3d1af38fcd5f9172c74 /include
parentbc3656ad1e5b5812f916e9c9356785c06ce90936 (diff)
nftables: generic procotol contexts
Currently the context of higher layer protocols is specific to payload expressions with some special cases for meta IIFTYPE expressions. This approach has a few shortcomings, concretely there are more expression types which define upper layer protocols like the ct expression and two upcoming new types for the meta expression. Replace the payload context by a generic protocol context to deal with this. This patch just splits off the required parts from the payload expression without any functional changes, the following patches will add further functionality for other expressions. Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include')
-rw-r--r--include/expression.h8
-rw-r--r--include/exthdr.h6
-rw-r--r--include/meta.h2
-rw-r--r--include/payload.h280
-rw-r--r--include/proto.h287
-rw-r--r--include/rule.h2
6 files changed, 305 insertions, 280 deletions
diff --git a/include/expression.h b/include/expression.h
index d8f28682..2b7b3795 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -225,15 +225,15 @@ struct expr {
struct {
/* EXPR_PAYLOAD */
- const struct payload_desc *desc;
- const struct payload_template *tmpl;
- enum payload_bases base;
+ const struct proto_desc *desc;
+ const struct proto_hdr_template *tmpl;
+ enum proto_bases base;
unsigned int offset;
} payload;
struct {
/* EXPR_EXTHDR */
const struct exthdr_desc *desc;
- const struct payload_template *tmpl;
+ const struct proto_hdr_template *tmpl;
} exthdr;
struct {
/* EXPR_META */
diff --git a/include/exthdr.h b/include/exthdr.h
index 62e69bd2..87c42857 100644
--- a/include/exthdr.h
+++ b/include/exthdr.h
@@ -1,17 +1,19 @@
#ifndef NFTABLES_EXTHDR_H
#define NFTABLES_EXTHDR_H
+#include <proto.h>
+
/**
* struct exthdr_desc - extension header description
*
* @name: extension header name
* @type: extension header protocol value
- * @templates: header templates
+ * @templates: header field templates
*/
struct exthdr_desc {
const char *name;
uint8_t type;
- struct payload_template templates[10];
+ struct proto_hdr_template templates[10];
};
extern struct expr *exthdr_expr_alloc(const struct location *loc,
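Review bot: `struct proto_hdr_template templates[10];` keeps a bare array bound, while the equivalent table in the new proto.h is sized by the named constant `PROTO_HDRS_MAX`; after this rename the `10` is the only unnamed descriptor table size in the include directory. A constant declared next to the struct, e.g. `#define EXTHDR_HDRS_MAX 10` (name suggested here, not taken from the tree) and `struct proto_hdr_template templates[EXTHDR_HDRS_MAX];`, keeps the two headers consistent and gives code that iterates the table a bound to refer to. The `@templates` comment could also state that unused slots are zero-filled, if that is how the descriptors in src/ are written — to be confirmed there.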
diff --git a/include/meta.h b/include/meta.h
index 459221fb..23f78cf1 100644
--- a/include/meta.h
+++ b/include/meta.h
@@ -25,5 +25,7 @@ struct meta_template {
extern struct expr *meta_expr_alloc(const struct location *loc,
enum nft_meta_keys key);
+extern void meta_expr_pctx_update(struct proto_ctx *ctx,
+ const struct expr *expr);
#endif /* NFTABLES_META_H */
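Review bot: The new prototype `meta_expr_pctx_update(struct proto_ctx *ctx, ...)` names `struct proto_ctx` with no declaration of that tag visible in meta.h; unless the part of the header above this hunk includes proto.h, the tag gets prototype scope, GCC reports it as "declared inside parameter list", and callers' `struct proto_ctx *` arguments become incompatible pointer types. exthdr.h receives `#include <proto.h>` in this same commit, but meta.h does not. A forward declaration `struct proto_ctx;` placed before the extern, matching the `struct eval_ctx;` pattern payload.h already uses, resolves it without pulling in the full header.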
diff --git a/include/payload.h b/include/payload.h
index fa8d82e1..54d8d547 100644
--- a/include/payload.h
+++ b/include/payload.h
@@ -2,128 +2,16 @@
#define NFTABLES_PAYLOAD_H
#include <nftables.h>
-
-/**
- * enum payload_bases
- *
- * @PAYLOAD_BASE_INVALID: uninitialised, does not happen
- * @PAYLOAD_BASE_LL_HDR: link layer header
- * @PAYLOAD_BASE_NETWORK_HDR: network layer header
- * @PAYLOAD_BASE_TRANSPORT_HDR: transport layer header
- */
-enum payload_bases {
- PAYLOAD_BASE_INVALID,
- PAYLOAD_BASE_LL_HDR,
- PAYLOAD_BASE_NETWORK_HDR,
- PAYLOAD_BASE_TRANSPORT_HDR,
- __PAYLOAD_BASE_MAX
-};
-#define PAYLOAD_BASE_MAX (__PAYLOAD_BASE_MAX - 1)
-
-/**
- * struct payload_template - template for a payload header expression
- *
- * @token: parser token describing the header field
- * @dtype: data type of the expression
- * @offset: offset from base
- * @len: length of header field
- */
-struct payload_template {
- const char *token;
- const struct datatype *dtype;
- uint16_t offset;
- uint16_t len;
-};
-
-#define PAYLOAD_TEMPLATE(__token, __dtype, __offset, __len) \
- { \
- .token = (__token), \
- .dtype = (__dtype), \
- .offset = (__offset), \
- .len = (__len), \
- }
-
-#define PAYLOAD_PROTO_MAX 16
-#define PAYLOAD_TEMPLATE_MAX 20
-
-/**
- * struct payload_desc - payload protocol description
- *
- * @name: protocol name
- * @base: header base
- * @protocol_key: key of template containing upper layer protocol description
- * @protocols: link to upper layer protocol description indexed by protocol value
- * @templates: header templates
- */
-struct payload_desc {
- const char *name;
- enum payload_bases base;
- unsigned int protocol_key;
- struct {
- unsigned int num;
- const struct payload_desc *desc;
- } protocols[PAYLOAD_PROTO_MAX];
- struct payload_template templates[PAYLOAD_TEMPLATE_MAX];
-};
-
-#define PAYLOAD_PROTO(__num, __desc) { .num = (__num), .desc = (__desc), }
-
-/**
- * struct payload_hook_desc - description of constraints imposed by hook family
- *
- * @base: protocol base of packets
- * @desc: protocol description of packets
- */
-struct payload_hook_desc {
- enum payload_bases base;
- const struct payload_desc *desc;
-};
-
-#define PAYLOAD_HOOK(__base, __desc) { .base = (__base), .desc = (__desc), }
-
-/**
- * struct dev_payload_desc - description of device LL protocol
- *
- * @desc: protocol description
- * @type: arphrd value
- */
-struct dev_payload_desc {
- const struct payload_desc *desc;
- uint16_t type;
-};
-
-#define DEV_PAYLOAD_DESC(__type, __desc) { .type = (__type), .desc = (__desc), }
-
-/**
- * struct payload_ctx - payload expression protocol context
- *
- * @family: hook family
- * @location: location of expression defining the context
- * @desc: payload description for this layer
- *
- * The location of the context is the location of the relational expression
- * defining it, either directly through a protocol match or indirectly
- * through a dependency.
- */
-struct payload_ctx {
- unsigned int family;
- struct {
- struct location location;
- const struct payload_desc *desc;
- } protocol[PAYLOAD_BASE_MAX + 1];
-};
+#include <proto.h>
extern struct expr *payload_expr_alloc(const struct location *loc,
- const struct payload_desc *desc,
+ const struct proto_desc *desc,
unsigned int type);
-extern void payload_init_raw(struct expr *expr, enum payload_bases base,
+extern void payload_init_raw(struct expr *expr, enum proto_bases base,
unsigned int offset, unsigned int len);
-extern void payload_ctx_init(struct payload_ctx *ctx, unsigned int family);
-extern void payload_ctx_update_meta(struct payload_ctx *ctx,
- const struct expr *expr);
-extern void payload_ctx_update(struct payload_ctx *ctx,
- const struct expr *expr);
+extern void payload_expr_pctx_update(struct proto_ctx *ctx,
+ const struct expr *expr);
struct eval_ctx;
extern int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr,
@@ -134,162 +22,8 @@ extern struct expr *payload_expr_join(const struct expr *e1,
const struct expr *e2);
extern void payload_expr_expand(struct list_head *list, struct expr *expr,
- const struct payload_ctx *ctx);
+ const struct proto_ctx *ctx);
extern void payload_expr_complete(struct expr *expr,
- const struct payload_ctx *ctx);
-
-enum eth_hdr_fields {
- ETHHDR_INVALID,
- ETHHDR_DADDR,
- ETHHDR_SADDR,
- ETHHDR_TYPE,
-};
-
-enum vlan_hdr_fields {
- VLANHDR_INVALID,
- VLANHDR_VID,
- VLANHDR_CFI,
- VLANHDR_PCP,
- VLANHDR_TYPE,
-};
-
-enum arp_hdr_fields {
- ARPHDR_INVALID,
- ARPHDR_HRD,
- ARPHDR_PRO,
- ARPHDR_HLN,
- ARPHDR_PLN,
- ARPHDR_OP,
-};
-
-enum ip_hdr_fields {
- IPHDR_INVALID,
- IPHDR_VERSION,
- IPHDR_HDRLENGTH,
- IPHDR_TOS,
- IPHDR_LENGTH,
- IPHDR_ID,
- IPHDR_FRAG_OFF,
- IPHDR_TTL,
- IPHDR_PROTOCOL,
- IPHDR_CHECKSUM,
- IPHDR_SADDR,
- IPHDR_DADDR,
-};
-
-enum icmp_hdr_fields {
- ICMPHDR_INVALID,
- ICMPHDR_TYPE,
- ICMPHDR_CODE,
- ICMPHDR_CHECKSUM,
- ICMPHDR_ID,
- ICMPHDR_SEQ,
- ICMPHDR_GATEWAY,
- ICMPHDR_MTU,
-};
-
-enum icmp6_hdr_fields {
- ICMP6HDR_INVALID,
- ICMP6HDR_TYPE,
- ICMP6HDR_CODE,
- ICMP6HDR_CHECKSUM,
- ICMP6HDR_PPTR,
- ICMP6HDR_MTU,
- ICMP6HDR_ID,
- ICMP6HDR_SEQ,
- ICMP6HDR_MAXDELAY,
-};
-
-enum ip6_hdr_fields {
- IP6HDR_INVALID,
- IP6HDR_VERSION,
- IP6HDR_PRIORITY,
- IP6HDR_FLOWLABEL,
- IP6HDR_LENGTH,
- IP6HDR_NEXTHDR,
- IP6HDR_HOPLIMIT,
- IP6HDR_SADDR,
- IP6HDR_DADDR,
- IP6HDR_PROTOCOL,
-};
-
-enum ah_hdr_fields {
- AHHDR_INVALID,
- AHHDR_NEXTHDR,
- AHHDR_HDRLENGTH,
- AHHDR_RESERVED,
- AHHDR_SPI,
- AHHDR_SEQUENCE,
-};
-
-enum esp_hdr_fields {
- ESPHDR_INVALID,
- ESPHDR_SPI,
- ESPHDR_SEQUENCE,
-};
-
-enum comp_hdr_fields {
- COMPHDR_INVALID,
- COMPHDR_NEXTHDR,
- COMPHDR_FLAGS,
- COMPHDR_CPI,
-};
-
-enum udp_hdr_fields {
- UDPHDR_INVALID,
- UDPHDR_SPORT,
- UDPHDR_DPORT,
- UDPHDR_LENGTH,
- UDPHDR_CSUMCOV = UDPHDR_LENGTH,
- UDPHDR_CHECKSUM,
-};
-
-enum tcp_hdr_fields {
- TCPHDR_INVALID,
- TCPHDR_SPORT,
- TCPHDR_DPORT,
- TCPHDR_SEQ,
- TCPHDR_ACKSEQ,
- TCPHDR_DOFF,
- TCPHDR_RESERVED,
- TCPHDR_FLAGS,
- TCPHDR_WINDOW,
- TCPHDR_CHECKSUM,
- TCPHDR_URGPTR,
-};
-
-enum dccp_hdr_fields {
- DCCPHDR_INVALID,
- DCCPHDR_SPORT,
- DCCPHDR_DPORT,
- DCCPHDR_TYPE,
-};
-
-enum sctp_hdr_fields {
- SCTPHDR_INVALID,
- SCTPHDR_SPORT,
- SCTPHDR_DPORT,
- SCTPHDR_VTAG,
- SCTPHDR_CHECKSUM,
-};
-
-extern const struct payload_desc payload_icmp;
-extern const struct payload_desc payload_ah;
-extern const struct payload_desc payload_esp;
-extern const struct payload_desc payload_comp;
-extern const struct payload_desc payload_udp;
-extern const struct payload_desc payload_udplite;
-extern const struct payload_desc payload_tcp;
-extern const struct payload_desc payload_dccp;
-extern const struct payload_desc payload_sctp;
-extern const struct payload_desc payload_icmp6;
-
-extern const struct payload_desc payload_ip;
-extern const struct payload_desc payload_ip6;
-
-extern const struct payload_desc payload_arp;
-
-extern const struct payload_desc payload_vlan;
-extern const struct payload_desc payload_eth;
+ const struct proto_ctx *ctx);
#endif /* NFTABLES_PAYLOAD_H */
diff --git a/include/proto.h b/include/proto.h
new file mode 100644
index 00000000..037ef09e
--- /dev/null
+++ b/include/proto.h
@@ -0,0 +1,287 @@
+#ifndef NFTABLES_PROTO_H
+#define NFTABLES_PROTO_H
+
+#include <nftables.h>
+
+/**
+ * enum proto_bases - protocol bases
+ *
+ * @PROTO_BASE_INVALID: uninitialised, does not happen
+ * @PROTO_BASE_LL_HDR: link layer header
+ * @PROTO_BASE_NETWORK_HDR: network layer header
+ * @PROTO_BASE_TRANSPORT_HDR: transport layer header
+ */
+enum proto_bases {
+ PROTO_BASE_INVALID,
+ PROTO_BASE_LL_HDR,
+ PROTO_BASE_NETWORK_HDR,
+ PROTO_BASE_TRANSPORT_HDR,
+ __PROTO_BASE_MAX
+};
+#define PROTO_BASE_MAX (__PROTO_BASE_MAX - 1)
+
+extern const char *proto_base_names[];
+extern const char *proto_base_tokens[];
+
+/**
+ * struct proto_hdr_template - protocol header field description
+ *
+ * @token: parser token describing the header field
+ * @dtype: data type of the header field
+ * @offset: offset of the header field from base
+ * @len: length of header field
+ */
+struct proto_hdr_template {
+ const char *token;
+ const struct datatype *dtype;
+ uint16_t offset;
+ uint16_t len;
+};
+
+#define PROTO_HDR_TEMPLATE(__token, __dtype, __offset, __len) \
+ { \
+ .token = (__token), \
+ .dtype = (__dtype), \
+ .offset = (__offset), \
+ .len = (__len), \
+ }
+
+#define PROTO_UPPER_MAX 16
+#define PROTO_HDRS_MAX 20
+
+/**
+ * struct proto_desc - protocol header description
+ *
+ * @name: protocol name
+ * @base: header base
+ * @protocol_key: key of template containing upper layer protocol description
+ * @protocols: link to upper layer protocol descriptions indexed by protocol value
+ * @templates: header templates
+ */
+struct proto_desc {
+ const char *name;
+ enum proto_bases base;
+ unsigned int protocol_key;
+ struct {
+ unsigned int num;
+ const struct proto_desc *desc;
+ } protocols[PROTO_UPPER_MAX];
+ struct proto_hdr_template templates[PROTO_HDRS_MAX];
+};
+
+#define PROTO_LINK(__num, __desc) { .num = (__num), .desc = (__desc), }
+
+/**
+ * struct hook_proto_desc - description of protocol constraints imposed by hook family
+ *
+ * @base: protocol base of packets
+ * @desc: protocol description of packets
+ */
+struct hook_proto_desc {
+ enum proto_bases base;
+ const struct proto_desc *desc;
+};
+
+#define HOOK_PROTO_DESC(__base, __desc) { .base = (__base), .desc = (__desc), }
+
+extern const struct hook_proto_desc hook_proto_desc[];
+
+/**
+ * struct dev_proto_desc - description of device LL protocol
+ *
+ * @desc: protocol description
+ * @type: arphrd value
+ */
+struct dev_proto_desc {
+ const struct proto_desc *desc;
+ uint16_t type;
+};
+
+#define DEV_PROTO_DESC(__type, __desc) { .type = (__type), .desc = (__desc), }
+
+extern int proto_dev_type(const struct proto_desc *desc, uint16_t *res);
+extern const struct proto_desc *proto_dev_desc(uint16_t type);
+
+/**
+ * struct proto_ctx - protocol context
+ *
+ * @family: hook family
+ * @location: location of the relational expression defining the context
+ * @desc: protocol description for this layer
+ *
+ * The location of the context is the location of the relational expression
+ * defining it, either directly through a protocol match or indirectly
+ * through a dependency.
+ */
+struct proto_ctx {
+ unsigned int family;
+ struct {
+ struct location location;
+ const struct proto_desc *desc;
+ } protocol[PROTO_BASE_MAX + 1];
+};
+
+extern void proto_ctx_init(struct proto_ctx *ctx, unsigned int family);
+extern const struct proto_desc *proto_find_upper(const struct proto_desc *base,
+ unsigned int num);
+extern int proto_find_num(const struct proto_desc *base,
+ const struct proto_desc *desc);
+
+enum eth_hdr_fields {
+ ETHHDR_INVALID,
+ ETHHDR_DADDR,
+ ETHHDR_SADDR,
+ ETHHDR_TYPE,
+};
+
+enum vlan_hdr_fields {
+ VLANHDR_INVALID,
+ VLANHDR_VID,
+ VLANHDR_CFI,
+ VLANHDR_PCP,
+ VLANHDR_TYPE,
+};
+
+enum arp_hdr_fields {
+ ARPHDR_INVALID,
+ ARPHDR_HRD,
+ ARPHDR_PRO,
+ ARPHDR_HLN,
+ ARPHDR_PLN,
+ ARPHDR_OP,
+};
+
+enum ip_hdr_fields {
+ IPHDR_INVALID,
+ IPHDR_VERSION,
+ IPHDR_HDRLENGTH,
+ IPHDR_TOS,
+ IPHDR_LENGTH,
+ IPHDR_ID,
+ IPHDR_FRAG_OFF,
+ IPHDR_TTL,
+ IPHDR_PROTOCOL,
+ IPHDR_CHECKSUM,
+ IPHDR_SADDR,
+ IPHDR_DADDR,
+};
+
+enum icmp_hdr_fields {
+ ICMPHDR_INVALID,
+ ICMPHDR_TYPE,
+ ICMPHDR_CODE,
+ ICMPHDR_CHECKSUM,
+ ICMPHDR_ID,
+ ICMPHDR_SEQ,
+ ICMPHDR_GATEWAY,
+ ICMPHDR_MTU,
+};
+
+enum icmp6_hdr_fields {
+ ICMP6HDR_INVALID,
+ ICMP6HDR_TYPE,
+ ICMP6HDR_CODE,
+ ICMP6HDR_CHECKSUM,
+ ICMP6HDR_PPTR,
+ ICMP6HDR_MTU,
+ ICMP6HDR_ID,
+ ICMP6HDR_SEQ,
+ ICMP6HDR_MAXDELAY,
+};
+
+enum ip6_hdr_fields {
+ IP6HDR_INVALID,
+ IP6HDR_VERSION,
+ IP6HDR_PRIORITY,
+ IP6HDR_FLOWLABEL,
+ IP6HDR_LENGTH,
+ IP6HDR_NEXTHDR,
+ IP6HDR_HOPLIMIT,
+ IP6HDR_SADDR,
+ IP6HDR_DADDR,
+ IP6HDR_PROTOCOL,
+};
+
+enum ah_hdr_fields {
+ AHHDR_INVALID,
+ AHHDR_NEXTHDR,
+ AHHDR_HDRLENGTH,
+ AHHDR_RESERVED,
+ AHHDR_SPI,
+ AHHDR_SEQUENCE,
+};
+
+enum esp_hdr_fields {
+ ESPHDR_INVALID,
+ ESPHDR_SPI,
+ ESPHDR_SEQUENCE,
+};
+
+enum comp_hdr_fields {
+ COMPHDR_INVALID,
+ COMPHDR_NEXTHDR,
+ COMPHDR_FLAGS,
+ COMPHDR_CPI,
+};
+
+enum udp_hdr_fields {
+ UDPHDR_INVALID,
+ UDPHDR_SPORT,
+ UDPHDR_DPORT,
+ UDPHDR_LENGTH,
+ UDPHDR_CSUMCOV = UDPHDR_LENGTH,
+ UDPHDR_CHECKSUM,
+};
+
+enum tcp_hdr_fields {
+ TCPHDR_INVALID,
+ TCPHDR_SPORT,
+ TCPHDR_DPORT,
+ TCPHDR_SEQ,
+ TCPHDR_ACKSEQ,
+ TCPHDR_DOFF,
+ TCPHDR_RESERVED,
+ TCPHDR_FLAGS,
+ TCPHDR_WINDOW,
+ TCPHDR_CHECKSUM,
+ TCPHDR_URGPTR,
+};
+
+enum dccp_hdr_fields {
+ DCCPHDR_INVALID,
+ DCCPHDR_SPORT,
+ DCCPHDR_DPORT,
+ DCCPHDR_TYPE,
+};
+
+enum sctp_hdr_fields {
+ SCTPHDR_INVALID,
+ SCTPHDR_SPORT,
+ SCTPHDR_DPORT,
+ SCTPHDR_VTAG,
+ SCTPHDR_CHECKSUM,
+};
+
+extern const struct proto_desc proto_icmp;
+extern const struct proto_desc proto_ah;
+extern const struct proto_desc proto_esp;
+extern const struct proto_desc proto_comp;
+extern const struct proto_desc proto_udp;
+extern const struct proto_desc proto_udplite;
+extern const struct proto_desc proto_tcp;
+extern const struct proto_desc proto_dccp;
+extern const struct proto_desc proto_sctp;
+extern const struct proto_desc proto_icmp6;
+
+extern const struct proto_desc proto_ip;
+extern const struct proto_desc proto_ip6;
+
+extern const struct proto_desc proto_arp;
+
+extern const struct proto_desc proto_vlan;
+extern const struct proto_desc proto_eth;
+
+extern const struct proto_desc proto_unknown;
+extern const struct proto_hdr_template proto_unknown_template;
+
+#endif /* NFTABLES_PROTO_H */
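Review bot: The exported functions `proto_dev_type`, `proto_dev_desc`, `proto_ctx_init`, `proto_find_upper` and `proto_find_num` carry no kernel-doc comments, while every struct and enum in the new header does; in particular the `int` returns of `proto_dev_type` and `proto_find_num` and the `uint16_t *res` out-parameter have no stated convention. A `/** ... */` block per prototype in the file's existing style, giving purpose, parameters and return value (for `proto_find_num` presumably the protocol number, or a negative value when `desc` is not linked from `base` — to be confirmed against the implementation later in this series), would make the header self-describing. Separately, `__PROTO_BASE_MAX` and the `__token`/`__dtype`/`__offset`/`__len` macro parameters use double-underscore names that C reserves for the implementation; they are carried over verbatim from the removed payload.h definitions and match the project's kernel-derived style, so this is a note rather than a request to change them.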
diff --git a/include/rule.h b/include/rule.h
index 6ad8af3b..2a7b7980 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -292,7 +292,7 @@ struct eval_ctx {
struct set *set;
struct stmt *stmt;
struct expr_ctx ectx;
- struct payload_ctx pctx;
+ struct proto_ctx pctx;
};
extern int evaluate(struct eval_ctx *ctx, struct list_head *commands);