git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Mon, 25 Jul 2022 12:32:13 +0000 (14:32 +0200)
committer	Florian Westphal <fw@strlen.de>
	Thu, 4 Aug 2022 23:46:39 +0000 (01:46 +0200)
commit	0d9daa0407212c8cc89b3ea8aee031ddf0109b08
tree	9c8b5a4c2127e7aae2ccf9dd3e73744d922bc500	tree \| snapshot
parent	89688c947efc36d25c58c85650414fa3a491732e	commit \| diff

proto: track full stack of seen l2 protocols, not just cumulative offset

For input, a cumulative size counter of all pushed l2 headers is enough,
because we have the full expression tree available to us.

For delinearization we need to track all seen l2 headers, else we lose
information that we might need at a later time.

Consider:

rule netdev nt nc set update ether saddr . vlan id

during delinearization, the vlan proto_desc replaces the ethernet one,
and by the time we try to split the concatenation apart we will search
the ether saddr offset vs. the templates for proto_vlan.

This replaces the offset with an array that stores the protocol
descriptions seen.

Then, if the payload offset is larger than our description, search the
l2 stack and adjust the offset until we're within the expected offset
boundary.

Reported-by: Eric Garver <eric@garver.life>
Signed-off-by: Florian Westphal <fw@strlen.de>

include/proto.h		diff \| blob \| blame \| history
src/evaluate.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
src/payload.c		diff \| blob \| blame \| history
src/proto.c		diff \| blob \| blame \| history