rpms / nftables

Clone
Source Code
GIT

Blame SOURCES/0054-tcp-add-raw-tcp-option-match-support.patch

c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   d95e8a0a61234fc1d9bed776c1877beeaa3a49d3
  2.   SOURCES
  3.   0054-tcp-add-raw-tcp-option-match-support.patch
Blob History Raw
0341a5 
From 267d86b62132a009badd57b2ffcffed6ae682a1e Mon Sep 17 00:00:00 2001
0341a5 
From: Phil Sutter <psutter@redhat.com>
0341a5 
Date: Mon, 12 Jul 2021 17:44:08 +0200
0341a5 
Subject: [PATCH] tcp: add raw tcp option match support
0341a5
0341a5 
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1979334
0341a5 
Upstream Status: nftables commit 881d8cb21c0b9
0341a5
0341a5 
commit 881d8cb21c0b9168787b932f41b801593bde2216
0341a5 
Author: Florian Westphal <fw@strlen.de>
0341a5 
Date:   Mon Nov 2 20:10:25 2020 +0100
0341a5
0341a5 
    tcp: add raw tcp option match support
0341a5
0341a5 
    tcp option @42,16,4 (@kind,offset,length).
0341a5
0341a5 
    Signed-off-by: Florian Westphal <fw@strlen.de>
0341a5 
---
0341a5 
 doc/payload-expression.txt    |  6 ++++++
0341a5 
 src/exthdr.c                  | 13 +++++++++----
0341a5 
 src/parser_bison.y            |  5 +++++
0341a5 
 src/tcpopt.c                  |  2 ++
0341a5 
 tests/py/any/tcpopt.t         |  2 ++
0341a5 
 tests/py/any/tcpopt.t.payload |  7 +++++++
0341a5 
 6 files changed, 31 insertions(+), 4 deletions(-)
0341a5
0341a5 
diff --git a/doc/payload-expression.txt b/doc/payload-expression.txt
0341a5 
index 3a07321..b6d2a28 100644
0341a5 
--- a/doc/payload-expression.txt
0341a5 
+++ b/doc/payload-expression.txt
0341a5 
@@ -591,6 +591,12 @@ TCP Timestamps |
0341a5 
 kind, length, tsval, tsecr
0341a5 
 |============================
0341a5
0341a5 
+TCP option matching also supports raw expression syntax to access arbitrary options:
0341a5 
+[verse]
0341a5 
+*tcp option*
0341a5 
+[verse]
0341a5 
+*tcp option* *@*'number'*,*'offset'*,*'length'
0341a5 
+
0341a5 
 .IP Options
0341a5 
 [options="header"]
0341a5 
 |==================
0341a5 
diff --git a/src/exthdr.c b/src/exthdr.c
0341a5 
index 68d5aa5..5c75720 100644
0341a5 
--- a/src/exthdr.c
0341a5 
+++ b/src/exthdr.c
0341a5 
@@ -32,10 +32,15 @@ static void exthdr_expr_print(const struct expr *expr, struct output_ctx *octx)
0341a5 
 		 */
0341a5 
 		unsigned int offset = expr->exthdr.offset / 64;
0341a5
0341a5 
-		if (expr->exthdr.desc == NULL &&
0341a5 
-		    expr->exthdr.offset == 0 &&
0341a5 
-		    expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) {
0341a5 
-			nft_print(octx, "tcp option %d", expr->exthdr.raw_type);
0341a5 
+		if (expr->exthdr.desc == NULL) {
0341a5 
+			if (expr->exthdr.offset == 0 &&
0341a5 
+			    expr->exthdr.flags & NFT_EXTHDR_F_PRESENT) {
0341a5 
+				nft_print(octx, "tcp option %d", expr->exthdr.raw_type);
0341a5 
+				return;
0341a5 
+			}
0341a5 
+
0341a5 
+			nft_print(octx, "tcp option @%u,%u,%u", expr->exthdr.raw_type,
0341a5 
+								expr->exthdr.offset, expr->len);
0341a5 
 			return;
0341a5 
 		}
0341a5
0341a5 
diff --git a/src/parser_bison.y b/src/parser_bison.y
0341a5 
index 4ea9364..5aedc55 100644
0341a5 
--- a/src/parser_bison.y
0341a5 
+++ b/src/parser_bison.y
0341a5 
@@ -4718,6 +4718,11 @@ tcp_hdr_expr		:	TCP	tcp_hdr_field
0341a5 
 				$$ = tcpopt_expr_alloc(&@$, $3, TCPOPT_COMMON_KIND);
0341a5 
 				$$->exthdr.flags = NFT_EXTHDR_F_PRESENT;
0341a5 
 			}
0341a5 
+			|	TCP	OPTION	AT tcp_hdr_option_type	COMMA	NUM	COMMA	NUM
0341a5 
+			{
0341a5 
+				$$ = tcpopt_expr_alloc(&@$, $4, 0);
0341a5 
+				tcpopt_init_raw($$, $4, $6, $8, 0);
0341a5 
+			}
0341a5 
 			;
0341a5
0341a5 
 tcp_hdr_field		:	SPORT		{ $$ = TCPHDR_SPORT; }
0341a5 
diff --git a/src/tcpopt.c b/src/tcpopt.c
0341a5 
index 1cf97a5..05b5ee6 100644
0341a5 
--- a/src/tcpopt.c
0341a5 
+++ b/src/tcpopt.c
0341a5 
@@ -197,6 +197,8 @@ void tcpopt_init_raw(struct expr *expr, uint8_t type, unsigned int off,
0341a5
0341a5 
 	if (flags & NFT_EXTHDR_F_PRESENT)
0341a5 
 		datatype_set(expr, &boolean_type);
0341a5 
+	else
0341a5 
+		datatype_set(expr, &integer_type);
0341a5
0341a5 
 	if (type >= array_size(tcpopt_protocols))
0341a5 
 		return;
0341a5 
diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t
0341a5 
index 7b17014..e759ac6 100644
0341a5 
--- a/tests/py/any/tcpopt.t
0341a5 
+++ b/tests/py/any/tcpopt.t
0341a5 
@@ -31,6 +31,7 @@ tcp option timestamp length 1;ok
0341a5 
 tcp option timestamp tsval 1;ok
0341a5 
 tcp option timestamp tsecr 1;ok
0341a5 
 tcp option 255 missing;ok
0341a5 
+tcp option @255,8,8 255;ok
0341a5
0341a5 
 tcp option foobar;fail
0341a5 
 tcp option foo bar;fail
0341a5 
@@ -40,6 +41,7 @@ tcp option eol left 1;fail
0341a5 
 tcp option sack window;fail
0341a5 
 tcp option sack window 1;fail
0341a5 
 tcp option 256 exists;fail
0341a5 
+tcp option @255,8,8 256;fail
0341a5
0341a5 
 tcp option window exists;ok
0341a5 
 tcp option window missing;ok
0341a5 
diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload
0341a5 
index 34f8e26..cddba61 100644
0341a5 
--- a/tests/py/any/tcpopt.t.payload
0341a5 
+++ b/tests/py/any/tcpopt.t.payload
0341a5 
@@ -523,6 +523,13 @@ inet
0341a5 
   [ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ]
0341a5 
   [ cmp eq reg 1 0x00000000 ]
0341a5
0341a5 
+# tcp option @255,8,8 255
0341a5 
+inet
0341a5 
+  [ meta load l4proto => reg 1 ]
0341a5 
+  [ cmp eq reg 1 0x00000006 ]
0341a5 
+  [ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ]
0341a5 
+  [ cmp eq reg 1 0x000000ff ]
0341a5 
+
0341a5 
 # tcp option window exists
0341a5 
 inet
0341a5 
   [ meta load l4proto => reg 1 ]
0341a5 
--
0341a5 
2.31.1
0341a5

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation