From: Fernando Fernandez Mancera <ffmancera@riseup.net>
To: netfilter-devel@vger.kernel.org
Cc: Fernando Fernandez Mancera <ffmancera@riseup.net>
Subject: [PATCH nft v2 2/6] json: osf: add version json support
Date: Mon, 11 Mar 2019 16:14:13 +0100 [thread overview]
Message-ID: <20190311151417.17772-2-ffmancera@riseup.net> (raw)
In-Reply-To: <20190311151417.17772-1-ffmancera@riseup.net>
Signed-off-by: Fernando Fernandez Mancera <ffmancera@riseup.net>
---
v1: initial patch
v2: flags type is now u32
---
doc/libnftables-json.adoc | 7 +++++-
src/json.c | 13 +++++++++++
src/parser_json.c | 48 ++++++++++++++++++++++++++++++++++++++-
3 files changed, 66 insertions(+), 2 deletions(-)
diff --git a/doc/libnftables-json.adoc b/doc/libnftables-json.adoc
index dbe5ac3..6981c69 100644
--- a/doc/libnftables-json.adoc
+++ b/doc/libnftables-json.adoc
@@ -1302,11 +1302,16 @@ Construct a reference to packet's socket.
____
*{ "osf": {
"key":* 'OSF_KEY'*,
- "ttl":* 'OSF_TTL'
+ "ttl":* 'OSF_TTL'*,
+ "flags":* 'OSF_FLAGS'
*}}*
'OSF_KEY' := *"name"*
'OSF_TTL' := *"loose"* | *"skip"*
+
+'OSF_FLAGS' := 'OSF_FLAG' | *[* 'OSF_FLAG_LIST' *]*
+'OSF_FLAG_LIST' := 'OSF_FLAG' [*,* 'OSF_FLAG_LIST' ]
+'OSF_FLAG' := *"version"*
____
Perform OS fingerprinting. This expression is typically used in the LHS of a *match*
diff --git a/src/json.c b/src/json.c
index 276a3c0..a46188d 100644
--- a/src/json.c
+++ b/src/json.c
@@ -865,6 +865,7 @@ json_t *socket_expr_json(const struct expr *expr, struct output_ctx *octx)
json_t *osf_expr_json(const struct expr *expr, struct output_ctx *octx)
{
json_t *root = json_pack("{s:s}", "key", "name");
+ const char *osf_flags[] = { "version" }
switch (expr->osf.ttl) {
case 1:
@@ -875,6 +876,18 @@ json_t *osf_expr_json(const struct expr *expr, struct output_ctx *octx)
break;
}
+ if (expr->osf.flags) {
+ json_t *tmp = json_array();
+ unsigned int i;
+
+ for (i = 0; i < array_size(osf_flags); i++) {
+ if (osf.flags & (1 << i)) {
+ json_array_append_new(tmp, json_string(osf_flags[i]));
+ }
+ }
+ json_object_set_new(root, "flags", tmp);
+ }
+
return json_pack("{s:o}", "osf", root);
}
diff --git a/src/parser_json.c b/src/parser_json.c
index 7b190bc..ae197f0 100644
--- a/src/parser_json.c
+++ b/src/parser_json.c
@@ -377,10 +377,26 @@ static struct expr *json_parse_meta_expr(struct json_ctx *ctx,
return meta_expr_alloc(int_loc, key);
}
+static int osf_flag_parse(const char *name, int *flagval)
+{
+ const char *osf_flags[] = { "version" };
+ unsigned int i;
+
+ for (i = 0; i < array_size(osf_flags); i++) {
+ if (!strcmp(name, osf_flags[i])) {
+ *flagval |= (1 << i);
+ return 0;
+ }
+ }
+ return 1;
+}
+
static struct expr *json_parse_osf_expr(struct json_ctx *ctx,
const char *type, json_t *root)
{
+ json_t *flags, *value;
const char *key, *ttl;
+ uint8_t flagval = 0;
uint8_t ttlval = 0;
if (json_unpack_err(ctx, root, "{s:s}", "key", &key))
@@ -397,8 +413,38 @@ static struct expr *json_parse_osf_expr(struct json_ctx *ctx,
}
}
+ if (!json_unpack(root, "{s:o}", "flags", &flags)) {
+ const char *flag;
+
+ if (json_is_string(flags)) {
+ flag = json_string_value(flags);
+
+ if (osf_flag_parse(flag, &flagval)) {
+ json_error(ctx, "Invalidad osf flag '%s'.", flag);
+ return NULL;
+ }
+
+ } else if (!json_is_array) {
+ json_error(ctx, "Unexpected object type in osf flags tuple.");
+ return NULL;
+ }
+
+ json_array_foreach(flags, index, value) {
+ if (!json_is_string(value)) {
+ json_error(ctx, "Unexpected object type in osf flags array at index %zd.", index);
+ return NULL;
+ }
+ flag = json_string_value(value);
+
+ if (osf_flag_parse(flag, &flagval)) {
+ json_error(ctx, "Invalid osf flag '%s'.", flag);
+ return NULL;
+ }
+ }
+ }
+
if (!strcmp(key, "name"))
- return osf_expr_alloc(int_loc, ttlval);
+ return osf_expr_alloc(int_loc, ttlval, flagval);
json_error(ctx, "Invalid osf key value.");
return NULL;
--
2.20.1
next prev parent reply other threads:[~2019-03-11 15:14 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-03-11 15:14 [PATCH nft v2 1/6] osf: add version fingerprint support Fernando Fernandez Mancera
2019-03-11 15:14 ` Fernando Fernandez Mancera [this message]
2019-03-11 15:14 ` [PATCH nft v2 3/6] tests: py: add osf tests with versions Fernando Fernandez Mancera
2019-03-11 15:14 ` [PATCH nft v2 4/6] doc: add osf version option to man page Fernando Fernandez Mancera
2019-03-11 15:14 ` [PATCH nft v2 5/6] files: osf: update pf.os with newer OS fingerprints Fernando Fernandez Mancera
2019-03-11 15:14 ` [PATCH nft v2 6/6] files: pf.os: merge the signatures spllited by version Fernando Fernandez Mancera
2019-03-13 9:44 ` [PATCH nft v2 1/6] osf: add version fingerprint support Phil Sutter
2019-03-13 10:14 ` Fernando Fernandez Mancera
2019-03-13 11:27 ` Phil Sutter
2019-03-13 14:15 ` Fernando Fernandez Mancera
2019-03-13 15:06 ` Phil Sutter
2019-03-13 15:22 ` Fernando Fernandez Mancera
2019-03-13 15:34 ` Phil Sutter
2019-03-13 16:46 ` Fernando Fernandez Mancera
2019-03-14 11:14 ` Fernando Fernandez Mancera
2019-03-14 13:58 ` Pablo Neira Ayuso
2019-03-14 17:34 ` Phil Sutter
2019-03-14 18:24 ` Fernando Fernandez Mancera
2019-03-15 10:03 ` Phil Sutter
2019-03-15 17:13 ` Pablo Neira Ayuso
2019-03-15 20:21 ` Fernando Fernandez Mancera
2019-03-16 9:05 ` Pablo Neira Ayuso
2019-03-17 17:10 ` Fernando Fernandez Mancera
2019-03-18 17:42 ` Phil Sutter
2019-03-19 11:06 ` Pablo Neira Ayuso
2019-03-20 13:46 ` Phil Sutter
2019-03-21 8:32 ` Pablo Neira Ayuso
2019-03-21 11:15 ` Phil Sutter
2019-03-21 11:18 ` Pablo Neira Ayuso
2019-03-21 14:06 ` Phil Sutter
2019-03-21 16:57 ` Pablo Neira Ayuso
2019-03-21 18:14 ` Phil Sutter
2019-03-14 20:07 ` Pablo Neira Ayuso
2019-03-14 20:13 ` [PATCH nft v2 1/6] osf: add version fingerprint supportg Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190311151417.17772-2-ffmancera@riseup.net \
--to=ffmancera@riseup.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).