 |
netfilter
firewalling, NAT, and packet mangling for linux
|
|
|
netfilter
firewalling, NAT, and packet mangling for linux
|
|
#include <stddef.h>#include <stdlib.h>#include <stdio.h>#include <stdint.h>#include <string.h>#include <net/if_arp.h>#include <arpa/inet.h>#include <linux/netfilter.h>#include <rule.h>#include <expression.h>#include <statement.h>#include <payload.h>#include <gmputil.h>#include <utils.h>
Functions | |
| struct expr * | payload_expr_alloc (const struct location *loc, const struct proto_desc *desc, unsigned int type) |
| void | payload_init_raw (struct expr *expr, enum proto_bases base, unsigned int offset, unsigned int len) |
| int | payload_gen_dependency (struct eval_ctx *ctx, const struct expr *expr, struct stmt **res) |
| payload_gen_dependency - generate match expression on payload dependency More... | |
| void | payload_expr_complete (struct expr *expr, const struct proto_ctx *ctx) |
| payload_expr_complete - fill in type information of a raw payload expr More... | |
| void | payload_expr_expand (struct list_head *list, struct expr *expr, const struct proto_ctx *ctx) |
| payload_expr_expand - expand raw merged adjacent payload expressions into its original components More... | |
| bool | payload_is_adjacent (const struct expr *e1, const struct expr *e2) |
| payload_is_adjacent - return whether two payload expressions refer to adjacent header locations More... | |
| struct expr * | payload_expr_join (const struct expr *e1, const struct expr *e2) |
| payload_expr_join - join two adjacent payload expressions More... | |
| struct expr* payload_expr_alloc | ( | const struct location * | loc, |
| const struct proto_desc * | desc, | ||
| unsigned int | type | ||
| ) |
References proto_desc::base, expr::base, proto_hdr_template::byteorder, expr::desc, proto_hdr_template::dtype, expr_alloc(), EXPR_F_PROTOCOL, expr::flags, flags, proto_hdr_template::len, NULL, proto_hdr_template::offset, expr::payload, PROTO_BASE_INVALID, proto_unknown, proto_unknown_template, proto_desc::protocol_key, proto_desc::templates, expr::tmpl, and type.
Referenced by payload_expr_expand(), payload_expr_join(), and payload_gen_dependency().
payload_expr_complete - fill in type information of a raw payload expr
: the payload expression : protocol context
Complete the type of a raw payload expression based on the context. If insufficient information is available the expression remains unchanged.
References array_size, proto_desc::base, proto_desc::desc, proto_ctx::desc, proto_hdr_template::dtype, expr::dtype, EXPR_PAYLOAD, proto_hdr_template::len, expr::len, NULL, proto_hdr_template::offset, expr::ops, expr::payload, proto_ctx::protocol, proto_desc::templates, and expr_ops::type.
| void payload_expr_expand | ( | struct list_head * | list, |
| struct expr * | expr, | ||
| const struct proto_ctx * | ctx | ||
| ) |
payload_expr_expand - expand raw merged adjacent payload expressions into its original components
: list to append expanded payload expressions to : the payload expression to expand : protocol context
Expand a merged adjacent payload expression into its original components by splitting elements off the beginning matching a payload template.
Note: this requires all payload templates to be specified in ascending offset order.
References array_size, proto_desc::base, proto_desc::desc, proto_ctx::desc, EXPR_PAYLOAD, proto_hdr_template::len, expr::len, expr::location, new, NULL, proto_hdr_template::offset, expr::ops, expr::payload, payload_expr_alloc(), payload_init_raw(), proto_ctx::protocol, proto_desc::templates, and expr_ops::type.
payload_expr_join - join two adjacent payload expressions
: first payload expression : second payload expression
References internal_location, expr::len, NULL, expr::payload, payload_expr_alloc(), and payload_is_adjacent().
payload_gen_dependency - generate match expression on payload dependency
: evaluation context : payload expression : dependency expression
Generate matches on protocol dependencies. There are two different kinds of dependencies:
A payload expression for a base below the hook base is invalid in the output path since the lower layer header does not exist when the packet is classified. In the input path a payload expressions for a base exactly one below the hook base is valid. In this case a match on the device type is required to verify that we're dealing with the expected protocol.
Note: since it is unknown to userspace which hooks a chain is called from, it is not explicitly verified. The NFT_META_IIFTYPE match will only match in the input path though.
References arphrd_type, hook_proto_desc::base, BITS_PER_BYTE, datatype::byteorder, BYTEORDER_HOST_ENDIAN, constant_expr_alloc(), proto_desc::desc, proto_ctx::desc, proto_hdr_template::dtype, expr_error, expr_stmt_alloc(), proto_ctx::family, expr::left, proto_hdr_template::len, expr::location, meta_expr_alloc(), proto_hdr_template::meta_key, eval_ctx::msgs, proto_desc::name, NFPROTO_BRIDGE, NFPROTO_INET, NFT_META_IIFTYPE, NULL, OP_EQ, expr::ops, expr::payload, payload_expr_alloc(), eval_ctx::pctx, expr_ops::pctx_update, PROTO_BASE_LL_HDR, proto_base_names, PROTO_BASE_TRANSPORT_HDR, proto_dev_type(), proto_eth, proto_find_num(), proto_inet, proto_inet_service, proto_ctx::protocol, proto_desc::protocol_key, relational_expr_alloc(), expr::right, stmt_evaluate(), proto_desc::templates, and type.
| void payload_init_raw | ( | struct expr * | expr, |
| enum proto_bases | base, | ||
| unsigned int | offset, | ||
| unsigned int | len | ||
| ) |
References expr::base, len, expr::len, expr::offset, and expr::payload.
Referenced by payload_expr_expand().
payload_is_adjacent - return whether two payload expressions refer to adjacent header locations
: first payload expression : second payload expression
References expr::len, and expr::payload.
Referenced by payload_expr_join().
1.8.8