author | Phil Sutter <phil@nwl.cc> | 2022-09-28 18:08:43 +0200 |
---|---|---|
committer | Phil Sutter <phil@nwl.cc> | 2022-09-28 19:21:16 +0200 |
commit | 66806feef085c0504966c484f687bdf7b09510e3 (patch) | |
tree | 7039e5195da9955faab2f3419684b1a919e9eab2 | |
parent | eddbb27651b93ac6f329bf8113223e7360ea7613 (diff) |
nft: Fix meta statement parsing
The function nft_meta_set_to_target() would always bail since nothing
sets 'sreg->meta_sreg.set' to true. This is obvious, as the immediate
expression "filling" the source register does not indicate its purpose.
The whole source register purpose storing in meta_sreg seems to be
pointless, so drop it altogether.
Fixes: f315af1cf8871 ("nft: track each register individually")
Signed-off-by: Phil Sutter <phil@nwl.cc>
-rw-r--r-- | iptables/nft-shared.c | 14 | ||||
-rw-r--r-- | iptables/nft-shared.h | 6 |
2 files changed, 9 insertions, 11 deletions
diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 909fe648..996cff99 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -503,10 +503,7 @@ static void nft_meta_set_to_target(struct nft_xt_ctx *ctx,
 if (!sreg)
 return;
 
- if (sreg->meta_sreg.set == 0)
- return;
-
- switch (sreg->meta_sreg.key) {
+ switch (nftnl_expr_get_u32(e, NFTNL_EXPR_META_KEY)) {
 case NFT_META_NFTRACE:
 if ((sreg->type != NFT_XT_REG_IMMEDIATE)) {
 ctx->errmsg = "meta nftrace but reg not immediate";
@@ -526,8 +523,10 @@ static void nft_meta_set_to_target(struct nft_xt_ctx *ctx,
 }
 
 target = xtables_find_target(targname, XTF_TRY_LOAD);
- if (target == NULL)
+ if (target == NULL) {
+ ctx->errmsg = "target TRACE not found";
 return;
+ }
 
 size = XT_ALIGN(sizeof(struct xt_entry_target)) + target->size;
 
@@ -1303,6 +1302,11 @@ void nft_rule_to_iptables_command_state(struct nft_handle *h,
 else if (strcmp(name, "range") == 0)
 nft_parse_range(&ctx, expr);
 
+ if (ctx.errmsg) {
+ fprintf(stderr, "%s", ctx.errmsg);
+ ctx.errmsg = NULL;
+ }
+
 expr = nftnl_expr_iter_next(iter);
 }
 
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index c07d3270..3d935d53 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -68,11 +68,6 @@ struct nft_xt_ctx_reg {
 uint32_t xor[4];
 bool set;
 } bitwise;
-
- struct {
- uint32_t key;
- bool set;
- } meta_sreg;
 };
 
 struct nft_xt_ctx {
@@ -118,7 +113,6 @@ static inline void nft_xt_reg_clear(struct nft_xt_ctx_reg *r)
 {
 r->type = 0;
 r->bitwise.set = false;
- r->meta_sreg.set = false;
 }
 
 static inline struct nft_xt_ctx_reg *nft_xt_ctx_get_dreg(struct nft_xt_ctx *ctx, enum nft_registers reg) |
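Review bot: The error report added to the expression loop of nft_rule_to_iptables_command_state() prints `ctx.errmsg` with `"%s"` and no newline, and the two messages visible in this patch ("meta nftrace but reg not immediate", "target TRACE not found") carry none either, so consecutive errors and whatever is written next run together on stderr. Naming the failing expression would also tell an operator which part of the rule was left out, for example `fprintf(stderr, "%s: %s\n", name, ctx.errmsg);`. Because errmsg is then reset and the loop continues, the resulting command state can lack a statement (here the TRACE target) with only this stderr line as evidence; whether callers have another way to learn that the translation is incomplete is not visible from this hunk, so a short comment stating that parse errors are deliberately non-fatal would help. The function body starts and ends outside the hunk.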