netlink_delinearize: support for bitfield payload statement with binary operation

Add a new function to deal with payload statement delinearization with binop expression. Infer the payload offset from the mask, then walk the template list to determine if estimated offset falls within a matching header field. If so, then validate that this is not a raw expression but an actual bitfield matching. Finally, trim the payload expression length accordingly and adjust the payload offset. instead of: @nh,8,5 set 0x0 it displays: ip dscp and 0x1 Update tests/py to cover for this enhancement. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2025-02-28 16:18:43 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-03-07 13:56:47 +0100
commit: 77def2d43466e99c146243e186a9fb6698b6a1a0 (patch)
tree: 70f10e66473928aff375792e9434c9e22f6d2da5 /tests/py/ip/ip.t.payload
parent: ee32bc90b80f329822b1dd3ee35f2eb98ae7f260 (diff)
1 files changed, 82 insertions, 0 deletions
diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload
index b0e9efa5..0e993627 100644
--- a/tests/py/ip/ip.t.payload
+++ b/tests/py/ip/ip.t.payload
@@ -553,3 +553,85 @@ ip test-ip4 input
   [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
   [ bitwise reg 1 = ( reg 1 & 0x0000003f ) ^ 0x00000000 ]
   [ cmp eq reg 1 0x00000001 ]
+
+# ip ecn set ip ecn | ect0
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000200 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn | ect1
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000100 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect0
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000feff ) ^ 0x00000000 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip ecn set ip ecn & ect1
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000fdff ) ^ 0x00000000 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# tcp flags set tcp flags & (fin | syn | rst | psh | ack | urg)
+ip test-ip4 input
+  [ meta load l4proto => reg 1 ]
+  [ cmp eq reg 1 0x00000006 ]
+  [ payload load 2b @ transport header + 12 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x00000000 ]
+  [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# tcp flags set tcp flags | ecn | cwr
+ip test-ip4 input
+  [ meta load l4proto => reg 1 ]
+  [ cmp eq reg 1 0x00000006 ]
+  [ payload load 2b @ transport header + 12 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x00003fff ) ^ 0x0000c000 ]
+  [ payload write reg 1 => 2b @ transport header + 12 csum_type 1 csum_off 16 csum_flags 0x0 ]
+
+# ip dscp set ip dscp | lephb
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000fbff ) ^ 0x00000400 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & lephb
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x000007ff ) ^ 0x00000000 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip dscp set ip dscp & 0x1f
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x00007fff ) ^ 0x00000000 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version | 1
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000ffef ) ^ 0x00000010 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip version set ip version & 1
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000ff1f ) ^ 0x00000000 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength | 1
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000fffe ) ^ 0x00000001 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
+
+# ip hdrlength set ip hdrlength & 1
+ip test-ip4 input
+  [ payload load 2b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = ( reg 1 & 0x0000fff1 ) ^ 0x00000000 ]
+  [ payload write reg 1 => 2b @ network header + 0 csum_type 1 csum_off 10 csum_flags 0x0 ]
author	Pablo Neira Ayuso <pablo@netfilter.org>	2025-02-28 16:18:43 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-03-07 13:56:47 +0100
commit	77def2d43466e99c146243e186a9fb6698b6a1a0 (patch)
tree	70f10e66473928aff375792e9434c9e22f6d2da5 /tests/py/ip/ip.t.payload
parent	ee32bc90b80f329822b1dd3ee35f2eb98ae7f260 (diff)