src: generate set members using integer_type in the appropriate byteorder

Rules with header fields that rely on the generic integer datatype
from sets are not matching, eg.

 nft add rule filter input udp length { 9 } counter

This set member is an integer represented in host byte order, which
obviously doesn't match the header field (in network byte order).

Since the integer datatype has no specific byteorder, we have to rely
on the expression byteorder instead when configuring the context,
before we evaluate the list of set members.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/include/expression.h b/include/expression.h
index 59fa5f3dd90ff9cd652bceb6c4b9abf8f64b80eb..4b968796501daf57aa278f659a82b592b2000c04 100644 (file)
--- a/include/expression.h
+++ b/include/expression.h
@@ -96,19 +96,31 @@ enum symbol_types {
  * struct expr_ctx - type context for symbol parsing during evaluation
  *
  * @dtype:     expected datatype
+ * @byteorder: expected byteorder
  * @len:       expected len
  */
 struct expr_ctx {
        const struct datatype   *dtype;
+       enum byteorder          byteorder;
        unsigned int            len;
 };
 
+static inline void __expr_set_context(struct expr_ctx *ctx,
+                                     const struct datatype *dtype,
+                                     enum byteorder byteorder,
+                                     unsigned int len)
+{
+       ctx->dtype      = dtype;
+       ctx->byteorder  = byteorder;
+       ctx->len        = len;
+}
+
 static inline void expr_set_context(struct expr_ctx *ctx,
                                    const struct datatype *dtype,
                                    unsigned int len)
 {
-       ctx->dtype = dtype;
-       ctx->len   = len;
+       __expr_set_context(ctx, dtype,
+                          dtype ? dtype->byteorder : BYTEORDER_INVALID, len);
 }
 
 /**

diff --git a/src/evaluate.c b/src/evaluate.c
index 00e55b7ddf77e8942bbf9d0cdc80dd1c43f55c63..07326607cd7b6dc894b297600d217752469c225c 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -238,6 +238,7 @@ static int expr_evaluate_value(struct eval_ctx *ctx, struct expr **expr)
                        mpz_clear(mask);
                        return -1;
                }
+               (*expr)->byteorder = ctx->ectx.byteorder;
                (*expr)->len = ctx->ectx.len;
                mpz_clear(mask);
                break;
@@ -261,7 +262,8 @@ static int expr_evaluate_value(struct eval_ctx *ctx, struct expr **expr)
  */
 static int expr_evaluate_primary(struct eval_ctx *ctx, struct expr **expr)
 {
-       expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->len);
+       __expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
+                          (*expr)->len);
        return 0;
 }