Comments (7)
greenpau
commented on May 4, 2024
I see that I do get the name in the exprsFromMsg.
Lines 255 to 268 in 7127d9d
The b looks as follows after the above Unmarshal:
([]uint8) (len=56 cap=56) {
00000000 08 00 01 00 00 00 00 00 30 00 02 00 2c 00 02 00 |........0...,...|
00000010 08 00 01 00 ff ff ff fd 1e 00 02 00 63 6e 69 6e |............cnin|
00000020 73 2d 33 2d 34 30 32 36 36 31 39 30 38 39 2d 64 |s-3-4026619089-d|
00000030 75 6d 6d 79 30 00 00 00 |ummy0...|
}
However, the Verdict unmarshaling does not work and I get:
(*expr.Verdict)(0xc000422ae0)({
Kind: (expr.VerdictKind) 4294967293,
Chain: (string) ""
})
from nftables.
greenpau
commented on May 4, 2024
Upon further investigation, the following line might be a bug. Replace nestedAD.Bytes()[4:] with nestedAD.Bytes()[:4]
e.Kind = VerdictKind(binaryutil.BigEndian.Uint32(nestedAD.Bytes()[4:]))
The issue here is that (nestedAD.Bytes()[4:] is actually the data portion of the verdict, not the kind!
spew.Dump(nestedAD.Bytes())([]uint8) (len=40 cap=40) {
00000000 08 00 01 00 ff ff ff fd 1e 00 02 00 63 6e 69 6e |............cnin|
00000010 73 2d 33 2d 34 30 32 36 36 33 35 33 39 39 2d 64 |s-3-4026635399-d|
00000020 75 6d 6d 79 30 00 00 00 |ummy0...|
}
spew.Dump(nestedAD.Bytes()[4:])([]uint8) (len=36 cap=36) {
00000000 ff ff ff fd 1e 00 02 00 63 6e 69 6e 73 2d 33 2d |........cnins-3-|
00000010 34 30 32 36 36 33 35 33 39 39 2d 64 75 6d 6d 79 |4026635399-dummy|
00000020 30 00 00 00 |0...|
}
The data portion, i.e. Chain, was not even read into it.
from nftables.
greenpau
commented on May 4, 2024
reading here https://pkg.go.dev/github.com/mdlayher/netlink?tab=doc#AttributeDecoder
... what if nestedAD.Bytes()[4:] is correct .... and we need to limit that array to whatever the expected lenght of Kind (int64), 8 bytes?
from nftables.
greenpau
commented on May 4, 2024
... what if nestedAD.Bytes()[4:] is correct .... and we need to limit that array to whatever the expected lenght of Kind (int64), 8 bytes?
Not exactly, but close ... need to read nestedAD.Bytes()[8:12] ...
Reading https://www.infradead.org/~tgr/libnl/doc/core.html#core_attr
The first 4 bytes is length.
(*netlink.AttributeDecoder)(0xc0003fed40)(){
ByteOrder: (binary.littleEndian) LittleEndian,
attrs: ([]netlink.Attribute) (len=1 cap=1) {
(netlink.Attribute) {
Length: (uint16) 44,
Type: (uint16) 2,
Data: ([]uint8) (len=40 cap=40) {
00000000 08 00 01 00 ff ff ff fd 1e 00 02 00 63 6e 69 6e |............cnin|
00000010 73 2d 33 2d 34 30 32 36 36 36 37 32 31 38 2d 64 |s-3-4026667218-d|
00000020 75 6d 6d 79 30 00 00 00 |ummy0...|
}
}
},
i: (int) 2,
err: (error) <nil>
})
from nftables.
greenpau
commented on May 4, 2024
something out of place with BigEndian:
e.Kind = VerdictKind(binaryutil.BigEndian.Uint32(nestedAD.Bytes()[8:12]))
spew.Dump(e.Kind)
(expr.VerdictKind) 503316992
vs.
spew.Dump(VerdictJump)
(expr.VerdictKind) -3
from nftables.
greenpau
commented on May 4, 2024
ff ff ff fd would result in -3.
Thus reading nestedAD.Bytes()[4:8]
The question remains as to what are the 4-8... padding?
from nftables.
greenpau
commented on May 4, 2024
e.Kind = VerdictKind(int32(binaryutil.BigEndian.Uint32(nestedAD.Bytes()[4:8])))
Thinking about 🤔 ... iota vs uint32 ...
from nftables.
Related Issues (20)
- Alignment issues on 32-bit archs: TestAlignedBuff32 & TestAlignedBuffInt32 failures HOT 9
- Test failures on s390x: endianness problems? HOT 11
- Reason for not wrapping libnftnl/libmnl. HOT 1
- GetRules lost expr.Masq HOT 1
- nftables go dynset implementation will not work with libnftnl versions <1.1.9 HOT 1
- High
- Feature: add support for monitor HOT 6
- AddSet IPv4 wrong byte order on Ubuntu 22.04 HOT 8
- Rule Handle not updated after InsertRule even using Flush. HOT 4
- Not all response messages are received causing the receive buffer to overflow HOT 8
- Named quotas and their usage in map HOT 1
- BUG: block in Conn.Flush() HOT 4
- How to get an error when try to add an existed table?
- Adding rules in code produces different results and logs than the rules I added directly from the command line HOT 6
- Use a CIDR prefix as target in a NAT rule HOT 3
- Troubleshooting NFTables Table Creation with Go HOT 2
- Objects implementation refactor HOT 1
- Broken deps HOT 3
- Is there a way to mock interface? HOT 3
- [FR] Simplified Method for Determining if IP+Port is Whitelisted or Blacklisted HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from nftables.