* [PATCH nft] exthdr: remove tcp dependency for tcp option matching
@ 2021-01-21 15:02 Florian Westphal
2021-01-21 15:33 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2021-01-21 15:02 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
Kernel won't search for tcp options in non-tcp packets.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/evaluate.c | 4 +--
tests/py/any/tcpopt.t.payload | 60 -----------------------------------
2 files changed, 1 insertion(+), 63 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index c830dcdbd965..ee5655064cb8 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -580,9 +580,7 @@ static int expr_evaluate_exthdr(struct eval_ctx *ctx, struct expr **exprp)
switch (expr->exthdr.op) {
case NFT_EXTHDR_OP_TCPOPT:
- dependency = &proto_tcp;
- pb = PROTO_BASE_TRANSPORT_HDR;
- break;
+ return __expr_evaluate_exthdr(ctx, exprp);
case NFT_EXTHDR_OP_IPV4:
dependency = &proto_ip;
break;
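Review bot: the early `return __expr_evaluate_exthdr(ctx, exprp);` in the `NFT_EXTHDR_OP_TCPOPT` case carries no comment explaining why this op alone skips dependency generation while `NFT_EXTHDR_OP_IPV4` right below still sets `dependency = &proto_ip`. A one-line comment at the case, saying that the kernel does not search for TCP options in non-TCP packets and so no `proto_tcp` dependency is generated, would keep a later reader from restoring it. The commit message should also say whether this holds for every kernel version nft is expected to work with, because the generated rule no longer carries its own l4proto check and correctness now rests entirely on the kernel side.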
diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload
index 56473798f8fd..1005df32ab33 100644
--- a/tests/py/any/tcpopt.t.payload
+++ b/tests/py/any/tcpopt.t.payload
@@ -1,210 +1,150 @@
# tcp option eol kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 0 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option nop kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 1 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option maxseg kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 2 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option maxseg length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 2 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option maxseg size 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 2b @ 2 + 2 => reg 1 ]
[ cmp eq reg 1 0x00000100 ]
# tcp option window kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option window length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option window count 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 2 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack-perm kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 4 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack-perm length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 4 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 5 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 5 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option sack left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack0 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 2 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack1 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 10 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack2 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 18 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack3 left 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 26 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack0 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 6 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack1 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 14 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack2 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 22 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option sack3 right 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 5 + 30 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option timestamp kind 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 8 + 0 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option timestamp length 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 8 + 1 => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option timestamp tsval 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 8 + 2 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option timestamp tsecr 1
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 4b @ 8 + 6 => reg 1 ]
[ cmp eq reg 1 0x01000000 ]
# tcp option 255 missing
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000000 ]
# tcp option @255,8,8 255
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ]
[ cmp eq reg 1 0x000000ff ]
# tcp option window exists
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
# tcp option window missing
inet
- [ meta load l4proto => reg 1 ]
- [ cmp eq reg 1 0x00000006 ]
[ exthdr load tcpopt 1b @ 3 + 0 present => reg 1 ]
[ cmp eq reg 1 0x00000000 ]
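Review bot: in the `tcp option 255 missing` and `tcp option window missing` cases the expected bytecode is now only an `exthdr load tcpopt ... present` followed by `cmp eq reg 1 0x00000000`, with no `meta load l4proto` guard in front of it. Please state in the commit message what the exthdr load does on a non-TCP packet: if it stops rule evaluation these rules stay TCP-only, but if it left 0 in the register a `missing` rule would also match UDP or ICMP traffic. This payload file only records the generated bytecode, so a test that runs a `missing` match against a non-TCP packet would be the place to pin that behaviour down.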
--
2.26.2
* Re: [PATCH nft] exthdr: remove tcp dependency for tcp option matching
2021-01-21 15:02 [PATCH nft] exthdr: remove tcp dependency for tcp option matching Florian Westphal
@ 2021-01-21 15:33 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2021-01-21 15:33 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Thu, Jan 21, 2021 at 04:02:47PM +0100, Florian Westphal wrote:
> Kernel won't search for tcp options in non-tcp packets.
LGTM.