Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

FIB objects not present when reading #291

Closed
aojea opened this issue Jan 2, 2025 · 3 comments
Closed

FIB objects not present when reading #291

aojea opened this issue Jan 2, 2025 · 3 comments

Comments

@aojea
Copy link
Contributor

aojea commented Jan 2, 2025
edited
Loading

Repro

nft --debug=netlink insert rule inet cni-kindnet output fib daddr type local
inet cni-kindnet output
  [ fib daddr type => reg 1 ]
  [ cmp eq reg 1 0x00000002 ]

gives

nft list chain inet cni-kindnet output
table inet cni-kindnet {
        chain output {
                type nat hook output priority -100; policy accept;
                fib daddr type local
        }
}

Using my "hacky" golang dumper https://gist.github.com/aojea/8a811e11a060fa638aa2dd8165960d5a

/nfroundtrip cni-kindnet output
2025/01/02 15:51:48 rule position 0
&expr.Cmp{Op:0x0, Register:0x1, Data:[]uint8{0x2, 0x0, 0x0, 0x0}}

right expressions with golang

		// only packets destined to local addresses
		&expr.Fib{
			Register:       1,
			FlagDADDR:      true,
			ResultADDRTYPE: true,
		},
		&expr.Cmp{
			// [ cmp eq reg 1 0x00000002 ]
			Op:       expr.CmpOpEq,
			Register: 1,
			Data:     encodeWithAlignment(byte(unix.RTN_LOCAL)),
		},

so it seems the parsing is not working as expected? it is missing the FIB object
@turekt turekt mentioned this issue Jan 14, 2025
Merged
@turekt
Copy link
Contributor

turekt commented Jan 15, 2025

Good catch. I fixed it by adding expr name to exprFromName function.

# go run main.go cni-kindnet output
2025/01/15 00:37:58 rule position 0
&expr.Fib{Register:0x1, ResultOIF:true, ResultOIFNAME:false, ResultADDRTYPE:false, FlagSADDR:false, FlagDADDR:false, FlagMARK:false, FlagIIF:false, FlagOIF:false, FlagPRESENT:false}
&expr.Cmp{Op:0x0, Register:0x1, Data:[]uint8{0x2, 0x0, 0x0, 0x0}}

As you can see, this still did not produce the correct result so I made a few changes to fib marshaling as well. Now it seems to work as expected:

# go run dumper.go filter test-chain
2025/01/15 01:38:45 rule position 0
&expr.Fib{Register:0x1, ResultOIF:false, ResultOIFNAME:false, ResultADDRTYPE:true, FlagSADDR:false, FlagDADDR:true, FlagMARK:false, FlagIIF:false, FlagOIF:false, FlagPRESENT:false}
&expr.Cmp{Op:0x0, Register:0x1, Data:[]uint8{0x2, 0x0, 0x0, 0x0}}

The issue should be resolved once the PR #296 is merged.

@turekt
Copy link
Contributor

turekt commented Jan 19, 2025

Hi @aojea,

the PR is now merged. If your case works correctly, I suggest that this issue is closed.

@aojea
Copy link
Contributor Author

aojea commented Jan 19, 2025

Thanks for the prompt response

@aojea aojea closed this as completed Jan 19, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@aojea @turekt