Commit 736d4ff7 authored by David Johnson's avatar David Johnson

Add ipv6addr() nftables expr helper.

parent 575ecefd
...@@ -86,3 +86,56 @@ def ipv4addr(src=None, dst=None): ...@@ -86,3 +86,56 @@ def ipv4addr(src=None, dst=None):
kwarg['data'] = {'attrs': [('NFTA_DATA_VALUE', packed)]} kwarg['data'] = {'attrs': [('NFTA_DATA_VALUE', packed)]}
ret.append(genex('cmp', kwarg)) ret.append(genex('cmp', kwarg))
return ret return ret
def ipv6addr(src=None, dst=None):
if not src and not dst:
raise ValueError('must be at least one of src, dst')
ret = []
# get masks
src, src_mask = get_mask(src)
dst, dst_mask = get_mask(dst)
# load address(es) into NFT_REG_1
kwarg = OrderedDict()
kwarg['dreg'] = 1 # save to NFT_REG_1
kwarg['base'] = 1 # NFT_PAYLOAD_NETWORK_HEADER
kwarg['offset'] = 8 if src else 24
kwarg['len'] = 32 if (src and dst) else 16
ret.append(genex('payload', kwarg))
# run bitwise with masks -- if provided
if src_mask or dst_mask:
mask = b''
if src:
if not src_mask:
src_mask = '128'
src_mask = int('1' * int(src_mask), 2)
mask += struct.pack('QQ', src_mask)
if dst:
if not dst_mask:
dst_mask = '128'
dst_mask = int('1' * int(dst_mask), 2)
mask += struct.pack('QQ', dst_mask)
xor = '\x00' * len(mask)
kwarg = OrderedDict()
kwarg['sreg'] = 1 # read from NFT_REG_1
kwarg['dreg'] = 1 # save to NFT_REG_1
kwarg['len'] = 32 if (src and dst) else 16
kwarg['mask'] = {'attrs': [('NFTA_DATA_VALUE', mask)]}
kwarg['xor'] = {'attrs': [('NFTA_DATA_VALUE', xor)]}
ret.append(genex('bitwise', kwarg))
# run cmp
packed = b''
if src:
packed += socket.inet_pton(socket.AF_INET6,src)
if dst:
packed += socket.inet_pton(socket.AF_INET6,dst)
kwarg = OrderedDict()
kwarg['sreg'] = 1 # read from NFT_REG_1
kwarg['op'] = 0 # NFT_CMP_EQ
kwarg['data'] = {'attrs': [('NFTA_DATA_VALUE', packed)]}
ret.append(genex('cmp', kwarg))
return ret
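Review bot: The prefix-mask branch of `ipv6addr()` cannot build a usable mask: `struct.pack('QQ', src_mask)` passes one value to a two-field format (and the value can exceed 64 bits), so a call with a prefix raises `struct.error`, and `int('1' * n, 2)` sets the low n bits where a prefix mask needs the high n bits in network byte order. Even with that fixed, `packed` is compared unmasked, so an address with host bits set under a shorter prefix would give a rule that never matches, which is a silent gap for a filtering rule; masking the address or rejecting it is worth adding. `xor = '\x00' * len(mask)` is a `str` while `mask` is `bytes`, which breaks under Python 3; `b'\x00'` works on both. The fence builds the mask through a small helper and validates the prefix range (a prefix given as the string `'0'` currently reaches `int('', 2)`). `get_mask()` is outside the hunk, so its return shape is assumed from how it is used here.

```python
def _prefix_mask6(prefix):
    # 16-byte network-order mask with the top `prefix` bits set;
    # a missing prefix means a full /128 match, as in the original branch.
    bits = 128 if not prefix else int(prefix)
    if not 0 <= bits <= 128:
        raise ValueError('IPv6 prefix length must be in 0..128')
    value = ((1 << bits) - 1) << (128 - bits)
    return struct.pack('!QQ', value >> 64, value & 0xFFFFFFFFFFFFFFFF)

# … unchanged: argument check, get_mask() calls, payload load into NFT_REG_1 …
    if src_mask or dst_mask:
        mask = b''
        if src:
            mask += _prefix_mask6(src_mask)
        if dst:
            mask += _prefix_mask6(dst_mask)
        xor = b'\x00' * len(mask)
# … unchanged: bitwise expr kwargs, cmp expr …
```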