proto: use hexadecimal to display ip frag-off field

commit 67edd1f2330a31e93789639d31315b64d01a79a3 upstream.

The ip frag-off field in the protocol definition is 16-bits long
and it contains the DF (0x2000) and MF (0x4000) bits too.

iptables-translate also suggests:

	ip frag-off & 0x1ffff != 0

to match on fragments. Use hexadecimal for listing this header field.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/proto.c b/src/proto.c
index c8b3361bbee6a9348c15489b94d50461addb716e..0f61b6595b6ad0eb5d666c634523f20605267618 100644 (file)
--- a/src/proto.c
+++ b/src/proto.c
@@ -276,6 +276,8 @@ const struct proto_desc *proto_ctx_find_conflict(struct proto_ctx *ctx,
 
 #define HDR_FIELD(__name, __struct, __member)                          \
        HDR_TEMPLATE(__name, &integer_type, __struct, __member)
+#define HDR_HEX_FIELD(__name, __struct, __member)                              \
+       HDR_TEMPLATE(__name, &xinteger_type, __struct, __member)
 #define HDR_BITFIELD(__name, __dtype,  __offset, __len)                        \
        PROTO_HDR_TEMPLATE(__name, __dtype, BYTEORDER_BIG_ENDIAN,       \
                           __offset, __len)
@@ -774,7 +776,7 @@ const struct proto_desc proto_ip = {
                [IPHDR_ECN]             = HDR_BITFIELD("ecn", &ecn_type, 14, 2),
                [IPHDR_LENGTH]          = IPHDR_FIELD("length",         tot_len),
                [IPHDR_ID]              = IPHDR_FIELD("id",             id),
-               [IPHDR_FRAG_OFF]        = IPHDR_FIELD("frag-off",       frag_off),
+               [IPHDR_FRAG_OFF]        = HDR_HEX_FIELD("frag-off", struct iphdr, frag_off),
                [IPHDR_TTL]             = IPHDR_FIELD("ttl",            ttl),
                [IPHDR_PROTOCOL]        = INET_PROTOCOL("protocol", struct iphdr, protocol),
                [IPHDR_CHECKSUM]        = IPHDR_FIELD("checksum",       check),

diff --git a/tests/py/ip/ip.t b/tests/py/ip/ip.t
index c962d4b3fc60f43dacb866595eb6c02100cd092b..6542e9ee925f281ddc6bac802c08526f04aca9f2 100644 (file)
--- a/tests/py/ip/ip.t
+++ b/tests/py/ip/ip.t
@@ -48,12 +48,12 @@ ip id != 33-45;ok
 ip id { 33, 55, 67, 88};ok
 ip id != { 33, 55, 67, 88};ok
 
-ip frag-off 222 accept;ok
-ip frag-off != 233;ok
-ip frag-off 33-45;ok
-ip frag-off != 33-45;ok
-ip frag-off { 33, 55, 67, 88};ok
-ip frag-off != { 33, 55, 67, 88};ok
+ip frag-off 0xde accept;ok
+ip frag-off != 0xe9;ok
+ip frag-off 0x21-0x2d;ok
+ip frag-off != 0x21-0x2d;ok
+ip frag-off { 0x21, 0x37, 0x43, 0x58};ok
+ip frag-off != { 0x21, 0x37, 0x43, 0x58};ok
 
 ip ttl 0 drop;ok
 ip ttl 233;ok

diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json
index 617cd50639da77b607d5065a9606c0aa24ef47ef..1beabaa5590b0c6f720115ed319ea6e6ce9fb85b 100644 (file)
--- a/tests/py/ip/ip.t.json
+++ b/tests/py/ip/ip.t.json
@@ -384,7 +384,7 @@
     }
 ]
 
-# ip frag-off 222 accept
+# ip frag-off 0xde accept
 [
     {
         "match": {
@@ -403,7 +403,7 @@
     }
 ]
 
-# ip frag-off != 233
+# ip frag-off != 0xe9
 [
     {
         "match": {
@@ -419,7 +419,7 @@
     }
 ]
 
-# ip frag-off 33-45
+# ip frag-off 0x21-0x2d
 [
     {
         "match": {
@@ -437,7 +437,7 @@
     }
 ]
 
-# ip frag-off != 33-45
+# ip frag-off != 0x21-0x2d
 [
     {
         "match": {
@@ -455,7 +455,7 @@
     }
 ]
 
-# ip frag-off { 33, 55, 67, 88}
+# ip frag-off { 0x21, 0x37, 0x43, 0x58}
 [
     {
         "match": {
@@ -478,7 +478,7 @@
     }
 ]
 
-# ip frag-off != { 33, 55, 67, 88}
+# ip frag-off != { 0x21, 0x37, 0x43, 0x58}
 [
     {
         "match": {

diff --git a/tests/py/ip/ip.t.payload b/tests/py/ip/ip.t.payload
index 2c150cbadd60d947a4bfb7bfb35ab804e0e19812..697738019c8357a51e5b842ed05458c784e72e61 100644 (file)
--- a/tests/py/ip/ip.t.payload
+++ b/tests/py/ip/ip.t.payload
@@ -124,29 +124,29 @@ ip test-ip4 input
   [ payload load 2b @ network header + 4 => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
-# ip frag-off 222 accept
+# ip frag-off 0xde accept
 ip test-ip4 input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp eq reg 1 0x0000de00 ]
   [ immediate reg 0 accept ]
 
-# ip frag-off != 233
+# ip frag-off != 0xe9
 ip test-ip4 input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp neq reg 1 0x0000e900 ]
 
-# ip frag-off 33-45
+# ip frag-off 0x21-0x2d
 ip test-ip4 input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp gte reg 1 0x00002100 ]
   [ cmp lte reg 1 0x00002d00 ]
 
-# ip frag-off != 33-45
+# ip frag-off != 0x21-0x2d
 ip test-ip4 input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ range neq reg 1 0x00002100 0x00002d00 ]
 
-# ip frag-off { 33, 55, 67, 88}
+# ip frag-off { 0x21, 0x37, 0x43, 0x58}
 __set%d test-ip4 3
 __set%d test-ip4 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]
@@ -154,7 +154,7 @@ ip test-ip4 input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ lookup reg 1 set __set%d ]
 
-# ip frag-off != { 33, 55, 67, 88}
+# ip frag-off != { 0x21, 0x37, 0x43, 0x58}
 __set%d test-ip4 3
 __set%d test-ip4 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]

diff --git a/tests/py/ip/ip.t.payload.bridge b/tests/py/ip/ip.t.payload.bridge
index e3e0f1d0623df3ed2722d8e8a0464bb4c7630425..c04f6d6c98088c88457788da1490d612c2cb152e 100644 (file)
--- a/tests/py/ip/ip.t.payload.bridge
+++ b/tests/py/ip/ip.t.payload.bridge
@@ -162,7 +162,7 @@ bridge test-bridge input
   [ payload load 2b @ network header + 4 => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
-# ip frag-off 222 accept
+# ip frag-off 0xde accept
 bridge test-bridge input 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -170,14 +170,14 @@ bridge test-bridge input
   [ cmp eq reg 1 0x0000de00 ]
   [ immediate reg 0 accept ]
 
-# ip frag-off != 233
+# ip frag-off != 0xe9
 bridge test-bridge input 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp neq reg 1 0x0000e900 ]
 
-# ip frag-off 33-45
+# ip frag-off 0x21-0x2d
 bridge test-bridge input 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -185,14 +185,14 @@ bridge test-bridge input
   [ cmp gte reg 1 0x00002100 ]
   [ cmp lte reg 1 0x00002d00 ]
 
-# ip frag-off != 33-45
+# ip frag-off != 0x21-0x2d
 bridge test-bridge input 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ range neq reg 1 0x00002100 0x00002d00 ]
 
-# ip frag-off { 33, 55, 67, 88}
+# ip frag-off { 0x21, 0x37, 0x43, 0x58}
 __set%d test-bridge 3 size 4
 __set%d test-bridge 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]
@@ -202,7 +202,7 @@ bridge test-bridge input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ lookup reg 1 set __set%d ]
 
-# ip frag-off != { 33, 55, 67, 88}
+# ip frag-off != { 0x21, 0x37, 0x43, 0x58}
 __set%d test-bridge 3 size 4
 __set%d test-bridge 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]

diff --git a/tests/py/ip/ip.t.payload.inet b/tests/py/ip/ip.t.payload.inet
index 754e37fff9d36361f1d06238cd953313093fb053..83e35aacf6f89f42456bad1a931492a7d18d30cd 100644 (file)
--- a/tests/py/ip/ip.t.payload.inet
+++ b/tests/py/ip/ip.t.payload.inet
@@ -162,7 +162,7 @@ inet test-inet input
   [ payload load 2b @ network header + 4 => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
-# ip frag-off 222 accept
+# ip frag-off 0xde accept
 inet test-inet input
   [ meta load nfproto => reg 1 ]
   [ cmp eq reg 1 0x00000002 ]
@@ -170,14 +170,14 @@ inet test-inet input
   [ cmp eq reg 1 0x0000de00 ]
   [ immediate reg 0 accept ]
 
-# ip frag-off != 233
+# ip frag-off != 0xe9
 inet test-inet input
   [ meta load nfproto => reg 1 ]
   [ cmp eq reg 1 0x00000002 ]
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp neq reg 1 0x0000e900 ]
 
-# ip frag-off 33-45
+# ip frag-off 0x21-0x2d
 inet test-inet input
   [ meta load nfproto => reg 1 ]
   [ cmp eq reg 1 0x00000002 ]
@@ -185,14 +185,14 @@ inet test-inet input
   [ cmp gte reg 1 0x00002100 ]
   [ cmp lte reg 1 0x00002d00 ]
 
-# ip frag-off != 33-45
+# ip frag-off != 0x21-0x2d
 inet test-inet input
   [ meta load nfproto => reg 1 ]
   [ cmp eq reg 1 0x00000002 ]
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ range neq reg 1 0x00002100 0x00002d00 ]
 
-# ip frag-off { 33, 55, 67, 88}
+# ip frag-off { 0x21, 0x37, 0x43, 0x58}
 __set%d test-inet 3
 __set%d test-inet 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]
@@ -202,7 +202,7 @@ inet test-inet input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ lookup reg 1 set __set%d ]
 
-# ip frag-off != { 33, 55, 67, 88}
+# ip frag-off != { 0x21, 0x37, 0x43, 0x58}
 __set%d test-inet 3
 __set%d test-inet 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]

diff --git a/tests/py/ip/ip.t.payload.netdev b/tests/py/ip/ip.t.payload.netdev
index b72233548cf2fa61c20e83c9990a30d3465f9604..bcadc579791e5cf7e93a3d0d37950dd4c80ac851 100644 (file)
--- a/tests/py/ip/ip.t.payload.netdev
+++ b/tests/py/ip/ip.t.payload.netdev
@@ -96,7 +96,7 @@ netdev test-netdev ingress
   [ payload load 2b @ network header + 4 => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
-# ip frag-off 222 accept
+# ip frag-off 0xde accept
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -104,14 +104,14 @@ netdev test-netdev ingress
   [ cmp eq reg 1 0x0000de00 ]
   [ immediate reg 0 accept ]
 
-# ip frag-off != 233
+# ip frag-off != 0xe9
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ cmp neq reg 1 0x0000e900 ]
 
-# ip frag-off 33-45
+# ip frag-off 0x21-0x2d
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
@@ -119,14 +119,14 @@ netdev test-netdev ingress
   [ cmp gte reg 1 0x00002100 ]
   [ cmp lte reg 1 0x00002d00 ]
 
-# ip frag-off != 33-45
+# ip frag-off != 0x21-0x2d
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]
   [ cmp eq reg 1 0x00000008 ]
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ range neq reg 1 0x00002100 0x00002d00 ]
 
-# ip frag-off { 33, 55, 67, 88}
+# ip frag-off { 0x21, 0x37, 0x43, 0x58}
 __set%d test-netdev 3
 __set%d test-netdev 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]
@@ -136,7 +136,7 @@ netdev test-netdev ingress
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ lookup reg 1 set __set%d ]
 
-# ip frag-off != { 33, 55, 67, 88}
+# ip frag-off != { 0x21, 0x37, 0x43, 0x58}
 __set%d test-netdev 3
 __set%d test-netdev 0
        element 00002100  : 0 [end]     element 00003700  : 0 [end]     element 00004300  : 0 [end]     element 00005800  : 0 [end]