add exprs and test for TCP MSS clamping

expr/bitwise.go

@@ -0,0 +1,65 @@
+// Copyright 2018 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package expr
+
+import (
+	"fmt"
+
+	"github.com/google/nftables/binaryutil"
+	"github.com/mdlayher/netlink"
+	"golang.org/x/sys/unix"
+)
+
+type Bitwise struct {
+	SourceRegister uint32
+	DestRegister   uint32
+	Len            uint32
+	Mask           []byte
+	Xor            []byte
+}
+
+func (e *Bitwise) marshal() ([]byte, error) {
+	mask, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_DATA_VALUE, Data: e.Mask},
+	})
+	if err != nil {
+		return nil, err
+	}
+	xor, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_DATA_VALUE, Data: e.Xor},
+	})
+	if err != nil {
+		return nil, err
+	}
+
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_BITWISE_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
+		{Type: unix.NFTA_BITWISE_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
+		{Type: unix.NFTA_BITWISE_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_BITWISE_MASK, Data: mask},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_BITWISE_XOR, Data: xor},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("bitwise\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
+}
+
+func (e *Bitwise) unmarshal(data []byte) error {
+	return fmt.Errorf("not yet implemented")
+}

expr/byteorder.go

@@ -0,0 +1,59 @@
+// Copyright 2018 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package expr
+
+import (
+	"fmt"
+
+	"github.com/google/nftables/binaryutil"
+	"github.com/mdlayher/netlink"
+	"golang.org/x/sys/unix"
+)
+
+type ByteorderOp uint32
+
+const (
+	ByteorderNtoh ByteorderOp = unix.NFT_BYTEORDER_NTOH
+	ByteorderHton ByteorderOp = unix.NFT_BYTEORDER_HTON
+)
+
+type Byteorder struct {
+	SourceRegister uint32
+	DestRegister   uint32
+	Op             ByteorderOp
+	Len            uint32
+	Size           uint32
+}
+
+func (e *Byteorder) marshal() ([]byte, error) {
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_BYTEORDER_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
+		{Type: unix.NFTA_BYTEORDER_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
+		{Type: unix.NFTA_BYTEORDER_OP, Data: binaryutil.BigEndian.PutUint32(uint32(e.Op))},
+		{Type: unix.NFTA_BYTEORDER_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
+		{Type: unix.NFTA_BYTEORDER_SIZE, Data: binaryutil.BigEndian.PutUint32(e.Size)},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("byteorder\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
+}
+
+func (e *Byteorder) unmarshal(data []byte) error {
+	return fmt.Errorf("not yet implemented")
+}

expr/exthdr.go

@@ -0,0 +1,64 @@
+// Copyright 2018 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package expr
+
+import (
+	"fmt"
+
+	"github.com/google/nftables/binaryutil"
+	"github.com/mdlayher/netlink"
+	"golang.org/x/sys/unix"
+)
+
+type ExthdrOp uint32
+
+const (
+	ExthdrOpIpv6   ExthdrOp = unix.NFT_EXTHDR_OP_IPV6
+	ExthdrOpTcpopt ExthdrOp = unix.NFT_EXTHDR_OP_TCPOPT
+)
+
+type Exthdr struct {
+	DestRegister   uint32
+	Type           uint8
+	Offset         uint32
+	Len            uint32
+	Flags          uint32
+	Op             ExthdrOp
+	SourceRegister uint32
+}
+
+func (e *Exthdr) marshal() ([]byte, error) {
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXTHDR_SREG, Data: binaryutil.BigEndian.PutUint32(e.SourceRegister)},
+		{Type: unix.NFTA_EXTHDR_TYPE, Data: []byte{e.Type}},
+		{Type: unix.NFTA_EXTHDR_OFFSET, Data: binaryutil.BigEndian.PutUint32(e.Offset)},
+		{Type: unix.NFTA_EXTHDR_LEN, Data: binaryutil.BigEndian.PutUint32(e.Len)},
+		// TODO: these fields seem to be conditional?
+		//{Type: unix.NFTA_EXTHDR_DREG, Data: binaryutil.BigEndian.PutUint32(e.DestRegister)},
+		//{Type: unix.NFTA_EXTHDR_FLAGS, Data: binaryutil.BigEndian.PutUint32(e.Flags)},
+		{Type: unix.NFTA_EXTHDR_OP, Data: binaryutil.BigEndian.PutUint32(uint32(e.Op))},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("exthdr\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
+}
+
+func (e *Exthdr) unmarshal(data []byte) error {
+	return fmt.Errorf("not yet implemented")
+}

expr/rt.go

@@ -0,0 +1,55 @@
+// Copyright 2018 Google LLC. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package expr
+
+import (
+	"fmt"
+
+	"github.com/google/nftables/binaryutil"
+	"github.com/mdlayher/netlink"
+	"golang.org/x/sys/unix"
+)
+
+type RtKey uint32
+
+const (
+	RtClassid  RtKey = unix.NFT_RT_CLASSID
+	RtNexthop4 RtKey = unix.NFT_RT_NEXTHOP4
+	RtNexthop6 RtKey = unix.NFT_RT_NEXTHOP6
+	RtTCPMSS   RtKey = unix.NFT_RT_TCPMSS
+)
+
+type Rt struct {
+	Register uint32
+	Key      RtKey
+}
+
+func (e *Rt) marshal() ([]byte, error) {
+	data, err := netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_RT_KEY, Data: binaryutil.BigEndian.PutUint32(uint32(e.Key))},
+		{Type: unix.NFTA_RT_DREG, Data: binaryutil.BigEndian.PutUint32(e.Register)},
+	})
+	if err != nil {
+		return nil, err
+	}
+	return netlink.MarshalAttributes([]netlink.Attribute{
+		{Type: unix.NFTA_EXPR_NAME, Data: []byte("rt\x00")},
+		{Type: unix.NLA_F_NESTED | unix.NFTA_EXPR_DATA, Data: data},
+	})
+}
+
+func (e *Rt) unmarshal(data []byte) error {
+	return fmt.Errorf("not yet implemented")
+}