Brad Bishop | 6e60e8b | 2018-02-01 10:27:11 -0500 | 1 | From 0825c57d571bb7121e7048e198b9b023f7e7f358 Mon Sep 17 00:00:00 2001 |
| 2 | From: Florian Westphal <fw@strlen.de> |
| 3 | Date: Sun, 7 May 2017 03:53:30 +0200 |
| 4 | Subject: [PATCH] src: ip: switch implicit dependencies to meta l4proto too |
| 5 | |
| 6 | after ip6 nexthdr also switch ip to meta l4proto instead of ip protocol. |
| 7 | |
| 8 | While it's needed for ipv6 (due to extension headers) this isn't needed |
| 9 | for ip but it has the advantage that |
| 10 | |
| 11 | tcp dport 22 |
| 12 | |
| 13 | produces same expressions for ip/ip6/inet families. |
| 14 | |
| 15 | Signed-off-by: Florian Westphal <fw@strlen.de> |
| 16 | --- |
| 17 | Upstream-Status: Backport |
| 18 | Signed-off-by: André Draszik <adraszik@tycoint.com> |
| 19 | src/payload.c | 17 +++++++++++------ |
| 20 | src/proto.c | 3 ++- |
| 21 | 2 files changed, 13 insertions(+), 7 deletions(-) |
| 22 | |
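diff --git a/src/payload.c b/src/payload.c
index 8796ee5..11b6df3 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -118,17 +118,22 @@ static const struct expr_ops payload_expr_ops = {
 };
 
 /*
- * ipv6 is special case, we normally use 'meta l4proto' to fetch the last
- * l4 header of the ipv6 extension header chain so we will also match
+ * We normally use 'meta l4proto' to fetch the last l4 header of the
+ * ipv6 extension header chain so we will also match
 * tcp after a fragmentation header, for instance.
+ * For consistency we also use meta l4proto for ipv4.
 *
- * If user specifically asks for nexthdr x, treat is as a full
- * dependency rather than injecting another (useless) meta l4 one.
+ * If user specifically asks for nexthdr x, don't add another (useless)
+ * meta dependency.
 */
 static bool proto_key_is_protocol(const struct proto_desc *desc, unsigned int type)
 {
- if (type == desc->protocol_key ||
- (desc == &proto_ip6 && type == IP6HDR_NEXTHDR))
+ if (type == desc->protocol_key)
+ return true;
+
+ if (desc == &proto_ip6 && type == IP6HDR_NEXTHDR)
+ return true;
+ if (desc == &proto_ip && type == IPHDR_PROTOCOL)
 return true;
 
 return false;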
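Review bot: The comment above `proto_key_is_protocol()` still names only `nexthdr` as the user-requested key that suppresses the extra meta dependency, but the new `desc == &proto_ip && type == IPHDR_PROTOCOL` branch gives `ip protocol` the same treatment. I would extend the last comment sentence to `If user specifically asks for nexthdr x (ip6) or protocol x (ip), don't add another (useless) meta dependency.` Because this changes the expressions generated for ip-family rules with an implicit l4 dependency, it is worth confirming that the expected test output for the ip family is updated alongside; the diffstat here lists only the two source files. The function's closing brace lies outside the hunk.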
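diff --git a/src/proto.c b/src/proto.c
index 3b20a5f..2afedf7 100644
--- a/src/proto.c
+++ b/src/proto.c
@@ -587,7 +587,6 @@ const struct proto_desc proto_ip = {
 .name = "ip",
 .base = PROTO_BASE_NETWORK_HDR,
 .checksum_key = IPHDR_CHECKSUM,
- .protocol_key = IPHDR_PROTOCOL,
 .protocols = {
 PROTO_LINK(IPPROTO_ICMP, &proto_icmp),
 PROTO_LINK(IPPROTO_ESP, &proto_esp),
@@ -600,6 +599,7 @@ const struct proto_desc proto_ip = {
 PROTO_LINK(IPPROTO_SCTP, &proto_sctp),
 },
 .templates = {
+ [0] = PROTO_META_TEMPLATE("l4proto", &inet_protocol_type, NFT_META_L4PROTO, 8),
 [IPHDR_VERSION] = HDR_BITFIELD("version", &integer_type, 0, 4),
 [IPHDR_HDRLENGTH] = HDR_BITFIELD("hdrlength", &integer_type, 4, 4),
 [IPHDR_DSCP] = HDR_BITFIELD("dscp", &dscp_type, 8, 6),
@@ -779,6 +779,7 @@ const struct proto_desc proto_inet_service = {
 PROTO_LINK(IPPROTO_TCP, &proto_tcp),
 PROTO_LINK(IPPROTO_DCCP, &proto_dccp),
 PROTO_LINK(IPPROTO_SCTP, &proto_sctp),
+ PROTO_LINK(IPPROTO_ICMP, &proto_icmp),
 PROTO_LINK(IPPROTO_ICMPV6, &proto_icmp6),
 },
 .templates = {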
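Review bot: The new template in `proto_ip` is keyed with a bare `[0]`, and it appears to work only together with the removal of `.protocol_key` in the first hunk, which presumably leaves that field implicitly zero so that the protocol-key lookup lands on this meta template. That coupling is invisible where it is used; I would add a comment such as `/* slot 0: the implicit protocol_key (0) resolves to meta l4proto, not ip protocol */`, or use the enum's named zero value if one exists. The `PROTO_LINK(IPPROTO_ICMP, &proto_icmp)` added to `proto_inet_service` in the last hunk is not mentioned in the commit message and deserves a one-line rationale too. All three initializers continue outside their hunks.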
| 84 | -- |
| 85 | 2.11.0 |
| 86 | |