diff options
| author | Florian Westphal <fw@strlen.de> | 2022-09-27 14:16:15 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2022-09-29 14:59:14 +0200 |
| commit | 8a0a3dbd208e0559bcce9008accfe38c7143183c (patch) | |
| tree | 17347a88a9a3508f5e1b68465e595df30bfc5b10 | |
| parent | df9ddef00af5ba54c027eb5425eedc2b55a22a3e (diff) | |
evaluate: add ethernet header size offset for implicit vlan dependency
'vlan id 1'
must also add a ethernet header dep, else nft fetches the payload from
header offset 0 instead of 14.
Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | src/evaluate.c | 20 |
1 files changed, 19 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index ca6e5883..a52867b3 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -723,7 +723,25 @@ static int __expr_evaluate_payload(struct eval_ctx *ctx, struct expr *expr) rule_stmt_insert_at(ctx->rule, nstmt, ctx->stmt); desc = ctx->pctx.protocol[base].desc; - goto check_icmp; + + if (desc == expr->payload.desc) + goto check_icmp; + + if (base == PROTO_BASE_LL_HDR) { + int link; + + link = proto_find_num(desc, payload->payload.desc); + if (link < 0 || + conflict_resolution_gen_dependency(ctx, link, payload, &nstmt) < 0) + return expr_error(ctx->msgs, payload, + "conflicting protocols specified: %s vs. %s", + desc->name, + payload->payload.desc->name); + + payload->payload.offset += ctx->pctx.stacked_ll[0]->length; + rule_stmt_insert_at(ctx->rule, nstmt, ctx->stmt); + return 1; + } } if (payload->payload.base == desc->base && |