Igalia/pflua

Pflua emits an internal error on "ip dst 10"

takikawa opened this issue · 0 comments

Edit: my original description here was incorrect, I think this is a weird corner case in pflang that should maybe be ruled out?

I think the pflang expression ip dst 10 is not valid according to the Wireshark docs, but tcpdump accepts it. It appears to compile it to a check that the address is really "10" though:

$ /usr/sbin/tcpdump -d "ip dst 10"
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 5
(002) ld       [30]
(003) jeq      #0xa             jt 4    jf 5
(004) ret      #262144
(005) ret      #0

Instead of what I expected, which is the same as ip dst net 10:

$ /usr/sbin/tcpdump -d "ip dst net 10"
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 6
(002) ld       [30]
(003) and      #0xff000000
(004) jeq      #0xa000000       jt 5    jf 6
(005) ret      #262144
(006) ret      #0

Meanwhile, for a dotted pair it does the expected thing:

$ /usr/sbin/tcpdump -d "ip dst 10.10"
(000) ldh      [12]
(001) jeq      #0x800           jt 2    jf 6
(002) ld       [30]
(003) and      #0xffff0000
(004) jeq      #0xa0a0000       jt 5    jf 6
(005) ret      #262144
(006) ret      #0

Pflang also accepts the expression (i.e., parses it and doesn't error) but will emit an internal error later in the process:

$ ../tools/pflua-compile "ip dst 10"
luajit: ./pf/utils.lua:138: attempt to perform arithmetic on local 'b' (a nil value)
stack traceback:
    ./pf/utils.lua:138: in function 'ipv4_to_int'
    ./pf/expand.lua:388: in function 'expander'
    ./pf/expand.lua:1207: in function 'expand_bool'
    ./pf/expand.lua:1214: in function 'expand'
    ./pf.lua:37: in function 'compile_filter'
    ../tools/pflua-compile:58: in main chunk
    [C]: at 0x004046e0

Is being compatible with libpcap desirable in this situation or should this be a (more helpful) error?
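
The two options raised in the question, sketched as an added example (this is not pflua's or libpcap's code). `parse_octets` and `ipv4_match` are hypothetical names; the "libpcap" mode reproduces only the value/mask pairs visible in the three `tcpdump -d` listings above, and the "strict" mode rejects an incomplete host address with a message instead of failing on a nil octet.

```lua
-- Added illustration; function names are hypothetical, not pflua's API.
-- Bare numbers above 255 (e.g. "ip dst 300") are out of scope for this sketch.
local function parse_octets(text)
   local octets = {}
   for part in (text .. "."):gmatch("([^.]*)%.") do
      local n = part:match("^%d+$") and tonumber(part)
      if not n or n > 255 then
         error(("invalid IPv4 component %q in %q"):format(part, text), 0)
      end
      octets[#octets + 1] = n
   end
   if #octets > 4 then
      error(("too many components in %q"):format(text), 0)
   end
   return octets
end

-- kind: "host" or "net"; mode: "libpcap" (mimic the listings) or "strict".
-- Returns the 32-bit value to compare against and the mask to apply first.
local function ipv4_match(text, kind, mode)
   local octets = parse_octets(text)
   local n = #octets
   if mode == "strict" and kind == "host" and n ~= 4 then
      error(("%q is not a complete IPv4 address; use 'net %s' to match a prefix")
         :format(text, text), 0)
   end
   local value = 0
   for _, o in ipairs(octets) do value = value * 256 + o end
   if kind == "host" and n == 1 then
      -- "ip dst 10": compared against the whole 32-bit field, no 'and' step.
      return value, 0xffffffff
   end
   -- "ip dst net 10" and "ip dst 10.10": left-align and mask the given octets.
   local shift = 256 ^ (4 - n)
   return value * shift, (256 ^ n - 1) * shift
end

-- The three expressions from the issue, then the strict alternative.
for _, case in ipairs({ {"10", "host"}, {"10", "net"}, {"10.10", "host"} }) do
   local v, m = ipv4_match(case[1], case[2], "libpcap")
   print(("%-4s %-6s value=0x%08x mask=0x%08x"):format(case[2], case[1], v, m))
end
print(pcall(ipv4_match, "10", "host", "strict"))
```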