author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-11-23 17:59:21 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-11-30 12:50:00 +0100 |
commit | 1017d323cafa6d4df34b9a2d0bea505e5253bc2b (patch) | |
tree | 56215f9c59d06c8e27691f6a3a015c32ad442b73 /tests/py | |
parent | c327e9331e50d7b4d6cfd0a82fb38bec73703bfb (diff) |
src: support for selectors with different byteorder with interval concatenations

Assuming the following interval set with concatenation:

    set test {
        typeof ip saddr . meta mark
        flags interval
    }

then, the following rule:

    ip saddr . meta mark @test

requires bytecode that swaps the byteorder for the meta mark selector in
case the set contains intervals and concatenations.

    inet x y
      [ meta load nfproto => reg 1 ]
      [ cmp eq reg 1 0x00000002 ]
      [ payload load 4b @ network header + 12 => reg 1 ]
      [ meta load mark => reg 9 ]
      [ byteorder reg 9 = hton(reg 9, 4, 4) ] <----- this is required !
      [ lookup reg 1 set test dreg 0 ]

This patch updates byteorder_conversion() to add the unary expression
that introduces the byteorder expression.

Moreover, store the meta mark range component of the element tuple in
the set in big endian as it is required for the range comparisons. Undo
the byteorder swap in the netlink delinearize path to list the meta
mark values accordingly.

Update tests/py to validate that byteorder expression is emitted in the
bytecode. Update tests/shell to validate insertion and listing of a
named map declaration.

A similar commit 806ab081dc9a ("netlink: swap byteorder for
host-endian concat data") already exists in the tree to handle this for
strings with prefix (e.g. eth*).

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
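
The commit message's point that the meta mark component must be big endian for range comparisons, shown as an added example that is not part of this commit or of nftables. It assumes the interval check compares key bytes in memory order, as memcmp() does; all function names are hypothetical, and the range values are taken from the test case in the patch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration; names are hypothetical, not nftables code. */
typedef void (*store_fn)(uint8_t *, uint32_t);

/* Mark as it sits in a register on a little-endian host. */
static void store_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Mark after hton(): most significant byte first. */
static void store_be32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)(v >> 24); p[1] = (uint8_t)(v >> 16);
    p[2] = (uint8_t)(v >> 8);  p[3] = (uint8_t)v;
}

/* Assumed interval check: compare bytes in memory order, like memcmp(). */
static int in_range(const uint8_t *v, const uint8_t *lo, const uint8_t *hi, size_t n)
{
    return memcmp(lo, v, n) <= 0 && memcmp(v, hi, n) <= 0;
}

/* Match "meta mark . tcp dport" against one interval element. */
static int concat_match(store_fn store, uint32_t mark, uint16_t port,
                        uint32_t mlo, uint32_t mhi, uint16_t plo, uint16_t phi)
{
    uint8_t m[4], ml[4], mh[4];
    uint8_t p[2]  = { (uint8_t)(port >> 8), (uint8_t)port }; /* network order */
    uint8_t pl[2] = { (uint8_t)(plo >> 8), (uint8_t)plo };
    uint8_t ph[2] = { (uint8_t)(phi >> 8), (uint8_t)phi };

    store(m, mark); store(ml, mlo); store(mh, mhi);
    return in_range(m, ml, mh, 4) && in_range(p, pl, ph, 2);
}

int main(void)
{
    /* Element from the test case: 0x00100000-0x00100123 . 100-120 */
    uint32_t lo = 0x00100000, hi = 0x00100123;

    printf("mark 0x00100050 (inside):  le=%d be=%d\n",
           concat_match(store_le32, 0x00100050, 110, lo, hi, 100, 120),
           concat_match(store_be32, 0x00100050, 110, lo, hi, 100, 120));
    printf("mark 0x00100210 (outside): le=%d be=%d\n",
           concat_match(store_le32, 0x00100210, 110, lo, hi, 100, 120),
           concat_match(store_be32, 0x00100210, 110, lo, hi, 100, 120));
    return 0;
}
```

With the little-endian layout a mark inside the interval is missed and a mark outside it matches; the big-endian layout gives the numerically correct answer in both cases.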
Diffstat (limited to 'tests/py')
-rw-r--r-- | tests/py/inet/meta.t | 2 |
-rw-r--r-- | tests/py/inet/meta.t.payload | 12 |
2 files changed, 14 insertions, 0 deletions
diff --git a/tests/py/inet/meta.t b/tests/py/inet/meta.t index 423cc5f3..0d7d5f25 100644 --- a/tests/py/inet/meta.t +++ b/tests/py/inet/meta.t @@ -21,3 +21,5 @@ meta secpath missing;ok;meta ipsec missing meta ibrname "br0";fail meta obrname "br0";fail meta mark set ct mark >> 8;ok + +meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 };ok diff --git a/tests/py/inet/meta.t.payload b/tests/py/inet/meta.t.payload index fd054549..2b4e6c2d 100644 --- a/tests/py/inet/meta.t.payload +++ b/tests/py/inet/meta.t.payload @@ -97,3 +97,15 @@ inet test-inet input [ cmp eq reg 1 0x00000011 ] [ payload load 2b @ transport header + 2 => reg 1 ] [ cmp eq reg 1 0x00004300 ] + +# meta mark . tcp dport { 0x0000000a-0x00000014 . 80-90, 0x00100000-0x00100123 . 100-120 } +__set%d test-inet 87 size 1 +__set%d test-inet 0 + element 0a000000 00005000 - 14000000 00005a00 : 0 [end] element 00001000 00006400 - 23011000 00007800 : 0 [end] +ip test-inet input + [ meta load l4proto => reg 1 ] + [ cmp eq reg 1 0x00000006 ] + [ meta load mark => reg 1 ] + [ byteorder reg 1 = hton(reg 1, 4, 4) ] + [ payload load 2b @ transport header + 2 => reg 9 ] + [ lookup reg 1 set __set%d ] |
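Review bot: The case added to tests/py/inet/meta.t has meta mark as the leading component of the concatenation, so the expected bytecode only covers the byteorder expression on reg 1, whereas the commit message's motivating rule (ip saddr . meta mark @test) has the host-endian selector second and needs the swap on reg 9. Consider adding a second line with meta mark in a non-leading position, for example `tcp dport . meta mark { 80-90 . 0x0000000a-0x00000014 };ok`, so that the register offset used for the unary expression is validated as well.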
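Review bot: In the tests/py/inet/meta.t.payload hunk the new expected block is headed `ip test-inet input`, while the entry just above it in the same hunk, and the file itself, are for the inet family (`inet test-inet input`). Unless the ip header is intentional, change it to `inet test-inet input` so the new block matches the rest of the file; if it is intentional, a short comment above the block saying why would help the next reader.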