From 8f86606efe82489945db1706bd1d1a4d524afcad Mon Sep 17 00:00:00 2001 From: Patrick McHardy Date: Wed, 8 Jan 2014 13:02:15 +0000 Subject: nftables: generic procotol contexts Currently the context of higher layer protocols is specific to payload expressions with some special cases for meta IIFTYPE expressions. This approach has a few shortcomings, concretely there are more expression types which define upper layer protocols like the ct expression and two upcoming new types for the meta expression. Replace the payload context by a generic protocol context to deal with this. This patch just splits off the requires parts from the payload expression without any functional changes, the following patches will add further functionality for other expressions. Signed-off-by: Patrick McHardy --- include/payload.h | 280 ++---------------------------------------------------- 1 file changed, 7 insertions(+), 273 deletions(-) (limited to 'include/payload.h') diff --git a/include/payload.h b/include/payload.h index fa8d82e1..54d8d547 100644 --- a/include/payload.h +++ b/include/payload.h @@ -2,128 +2,16 @@ #define NFTABLES_PAYLOAD_H #include - -/** - * enum payload_bases - * - * @PAYLOAD_BASE_INVALID: uninitialised, does not happen - * @PAYLOAD_BASE_LL_HDR: link layer header - * @PAYLOAD_BASE_NETWORK_HDR: network layer header - * @PAYLOAD_BASE_TRANSPORT_HDR: transport layer header - */ -enum payload_bases { - PAYLOAD_BASE_INVALID, - PAYLOAD_BASE_LL_HDR, - PAYLOAD_BASE_NETWORK_HDR, - PAYLOAD_BASE_TRANSPORT_HDR, - __PAYLOAD_BASE_MAX -}; -#define PAYLOAD_BASE_MAX (__PAYLOAD_BASE_MAX - 1) - -/** - * struct payload_template - template for a payload header expression - * - * @token: parser token describing the header field - * @dtype: data type of the expression - * @offset: offset from base - * @len: length of header field - */ -struct payload_template { - const char *token; - const struct datatype *dtype; - uint16_t offset; - uint16_t len; -}; - -#define PAYLOAD_TEMPLATE(__token, __dtype, __offset, __len) \ - { \ - .token = (__token), \ - .dtype = (__dtype), \ - .offset = (__offset), \ - .len = (__len), \ - } - -#define PAYLOAD_PROTO_MAX 16 -#define PAYLOAD_TEMPLATE_MAX 20 - -/** - * struct payload_desc - payload protocol description - * - * @name: protocol name - * @base: header base - * @protocol_key: key of template containing upper layer protocol description - * @protocols: link to upper layer protocol description indexed by protocol value - * @templates: header templates - */ -struct payload_desc { - const char *name; - enum payload_bases base; - unsigned int protocol_key; - struct { - unsigned int num; - const struct payload_desc *desc; - } protocols[PAYLOAD_PROTO_MAX]; - struct payload_template templates[PAYLOAD_TEMPLATE_MAX]; -}; - -#define PAYLOAD_PROTO(__num, __desc) { .num = (__num), .desc = (__desc), } - -/** - * struct payload_hook_desc - description of constraints imposed by hook family - * - * @base: protocol base of packets - * @desc: protocol description of packets - */ -struct payload_hook_desc { - enum payload_bases base; - const struct payload_desc *desc; -}; - -#define PAYLOAD_HOOK(__base, __desc) { .base = (__base), .desc = (__desc), } - -/** - * struct dev_payload_desc - description of device LL protocol - * - * @desc: protocol description - * @type: arphrd value - */ -struct dev_payload_desc { - const struct payload_desc *desc; - uint16_t type; -}; - -#define DEV_PAYLOAD_DESC(__type, __desc) { .type = (__type), .desc = (__desc), } - -/** - * struct payload_ctx - payload expression protocol context - * - * @family: hook family - * @location: location of expression defining the context - * @desc: payload description for this layer - * - * The location of the context is the location of the relational expression - * defining it, either directly through a protocol match or indirectly - * through a dependency. - */ -struct payload_ctx { - unsigned int family; - struct { - struct location location; - const struct payload_desc *desc; - } protocol[PAYLOAD_BASE_MAX + 1]; -}; +#include extern struct expr *payload_expr_alloc(const struct location *loc, - const struct payload_desc *desc, + const struct proto_desc *desc, unsigned int type); -extern void payload_init_raw(struct expr *expr, enum payload_bases base, +extern void payload_init_raw(struct expr *expr, enum proto_bases base, unsigned int offset, unsigned int len); -extern void payload_ctx_init(struct payload_ctx *ctx, unsigned int family); -extern void payload_ctx_update_meta(struct payload_ctx *ctx, - const struct expr *expr); -extern void payload_ctx_update(struct payload_ctx *ctx, - const struct expr *expr); +extern void payload_expr_pctx_update(struct proto_ctx *ctx, + const struct expr *expr); struct eval_ctx; extern int payload_gen_dependency(struct eval_ctx *ctx, const struct expr *expr, @@ -134,162 +22,8 @@ extern struct expr *payload_expr_join(const struct expr *e1, const struct expr *e2); extern void payload_expr_expand(struct list_head *list, struct expr *expr, - const struct payload_ctx *ctx); + const struct proto_ctx *ctx); extern void payload_expr_complete(struct expr *expr, - const struct payload_ctx *ctx); - -enum eth_hdr_fields { - ETHHDR_INVALID, - ETHHDR_DADDR, - ETHHDR_SADDR, - ETHHDR_TYPE, -}; - -enum vlan_hdr_fields { - VLANHDR_INVALID, - VLANHDR_VID, - VLANHDR_CFI, - VLANHDR_PCP, - VLANHDR_TYPE, -}; - -enum arp_hdr_fields { - ARPHDR_INVALID, - ARPHDR_HRD, - ARPHDR_PRO, - ARPHDR_HLN, - ARPHDR_PLN, - ARPHDR_OP, -}; - -enum ip_hdr_fields { - IPHDR_INVALID, - IPHDR_VERSION, - IPHDR_HDRLENGTH, - IPHDR_TOS, - IPHDR_LENGTH, - IPHDR_ID, - IPHDR_FRAG_OFF, - IPHDR_TTL, - IPHDR_PROTOCOL, - IPHDR_CHECKSUM, - IPHDR_SADDR, - IPHDR_DADDR, -}; - -enum icmp_hdr_fields { - ICMPHDR_INVALID, - ICMPHDR_TYPE, - ICMPHDR_CODE, - ICMPHDR_CHECKSUM, - ICMPHDR_ID, - ICMPHDR_SEQ, - ICMPHDR_GATEWAY, - ICMPHDR_MTU, -}; - -enum icmp6_hdr_fields { - ICMP6HDR_INVALID, - ICMP6HDR_TYPE, - ICMP6HDR_CODE, - ICMP6HDR_CHECKSUM, - ICMP6HDR_PPTR, - ICMP6HDR_MTU, - ICMP6HDR_ID, - ICMP6HDR_SEQ, - ICMP6HDR_MAXDELAY, -}; - -enum ip6_hdr_fields { - IP6HDR_INVALID, - IP6HDR_VERSION, - IP6HDR_PRIORITY, - IP6HDR_FLOWLABEL, - IP6HDR_LENGTH, - IP6HDR_NEXTHDR, - IP6HDR_HOPLIMIT, - IP6HDR_SADDR, - IP6HDR_DADDR, - IP6HDR_PROTOCOL, -}; - -enum ah_hdr_fields { - AHHDR_INVALID, - AHHDR_NEXTHDR, - AHHDR_HDRLENGTH, - AHHDR_RESERVED, - AHHDR_SPI, - AHHDR_SEQUENCE, -}; - -enum esp_hdr_fields { - ESPHDR_INVALID, - ESPHDR_SPI, - ESPHDR_SEQUENCE, -}; - -enum comp_hdr_fields { - COMPHDR_INVALID, - COMPHDR_NEXTHDR, - COMPHDR_FLAGS, - COMPHDR_CPI, -}; - -enum udp_hdr_fields { - UDPHDR_INVALID, - UDPHDR_SPORT, - UDPHDR_DPORT, - UDPHDR_LENGTH, - UDPHDR_CSUMCOV = UDPHDR_LENGTH, - UDPHDR_CHECKSUM, -}; - -enum tcp_hdr_fields { - TCPHDR_INVALID, - TCPHDR_SPORT, - TCPHDR_DPORT, - TCPHDR_SEQ, - TCPHDR_ACKSEQ, - TCPHDR_DOFF, - TCPHDR_RESERVED, - TCPHDR_FLAGS, - TCPHDR_WINDOW, - TCPHDR_CHECKSUM, - TCPHDR_URGPTR, -}; - -enum dccp_hdr_fields { - DCCPHDR_INVALID, - DCCPHDR_SPORT, - DCCPHDR_DPORT, - DCCPHDR_TYPE, -}; - -enum sctp_hdr_fields { - SCTPHDR_INVALID, - SCTPHDR_SPORT, - SCTPHDR_DPORT, - SCTPHDR_VTAG, - SCTPHDR_CHECKSUM, -}; - -extern const struct payload_desc payload_icmp; -extern const struct payload_desc payload_ah; -extern const struct payload_desc payload_esp; -extern const struct payload_desc payload_comp; -extern const struct payload_desc payload_udp; -extern const struct payload_desc payload_udplite; -extern const struct payload_desc payload_tcp; -extern const struct payload_desc payload_dccp; -extern const struct payload_desc payload_sctp; -extern const struct payload_desc payload_icmp6; - -extern const struct payload_desc payload_ip; -extern const struct payload_desc payload_ip6; - -extern const struct payload_desc payload_arp; - -extern const struct payload_desc payload_vlan; -extern const struct payload_desc payload_eth; + const struct proto_ctx *ctx); #endif /* NFTABLES_PAYLOAD_H */ -- cgit v1.2.3