parser_json: add raw payload inner header match support
authorPablo Neira Ayuso <pablo@netfilter.org>
Wed, 17 Nov 2021 10:10:06 +0000 (11:10 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 17 Nov 2021 10:10:06 +0000 (11:10 +0100)
Add the missing "ih" raw payload base and extend tests/py to cover this new
use case.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/parser_json.c
tests/py/any/rawpayload.t
tests/py/any/rawpayload.t.json
tests/py/any/rawpayload.t.payload

index 3cd21175b2364af79977d02304adaa1bdbfc6b50..7a2d30ff665c552f162a395d884e4e48756e5430 100644 (file)
@@ -558,6 +558,8 @@ static struct expr *json_parse_payload_expr(struct json_ctx *ctx,
                        val = PROTO_BASE_NETWORK_HDR;
                } else if (!strcmp(base, "th")) {
                        val = PROTO_BASE_TRANSPORT_HDR;
+               } else if (!strcmp(base, "ih")) {
+                       val = PROTO_BASE_INNER_HDR;
                } else {
                        json_error(ctx, "Invalid payload base '%s'.", base);
                        return NULL;
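Review bot: The added `"ih"` branch carries no comment tying the JSON keyword to the native syntax, so a reader of this chain has to go to the tests to learn that it is the inner-header base; I would add `/* "ih": inner header base, JSON form of @ih,offset,len */` above `val = PROTO_BASE_INNER_HDR;`. The final `else` still reports only `Invalid payload base '%s'.`, and naming the accepted bases there would make a rejected ruleset easier to diagnose. json_parse_payload_expr begins and ends outside this hunk, so whether `offset` and `len` are range-checked before the expression is built for the new base cannot be confirmed from these lines and is worth verifying.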
index 9fe377e24397f322a7db3bade82f6ab313ba6b70..128e8088c4e5c08956adb2d279f6dfbd7c260f5e 100644 (file)
@@ -18,3 +18,5 @@ meta l4proto tcp @th,16,16 { 22, 23, 80};ok;tcp dport { 22, 23, 80}
 @ll,0,1 1;ok;@ll,0,8 & 0x80 == 0x80
 @ll,0,8 & 0x80 == 0x80;ok
 @ll,0,128 0xfedcba987654321001234567890abcde;ok
+
+@ih,32,32 0x14000000;ok
index 9481d9bf543bbc0d2b87816604a72e138fe4ff6e..b5115e0ddacf4cfd433cf4d7a47ce5cc96757a98 100644 (file)
     }
 ]
 
+# @ih,32,32 0x14000000
+[
+    {
+        "match": {
+            "left": {
+                "payload": {
+                    "base": "ih",
+                    "len": 32,
+                    "offset": 32
+                }
+            },
+            "op": "==",
+            "right": 335544320
+        }
+    }
+]
+
index d2b38183cc95936976691cc4b74d40ad3756ac4a..61c41cb976d6e731217d132205f6787f0134e4d2 100644 (file)
@@ -47,3 +47,9 @@ inet test-inet input
 inet test-inet input
   [ payload load 16b @ link header + 0 => reg 1 ]
   [ cmp eq reg 1 0x98badcfe 0x10325476 0x67452301 0xdebc0a89 ]
+
+# @ih,32,32 0x14000000
+inet test-inet input
+  [ payload load 4b @ inner header + 4 => reg 1 ]
+  [ cmp eq reg 1 0x00000014 ]
+