author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-23 19:55:39 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-02-24 13:03:43 +0100 |
commit | 3975430b12d97c92cdf03753342f2269153d5624 (patch) | |
tree | 6eaf4f9a81a37534dec81f7e8aa154d87d46a0d9 /include | |
parent | 66191ce8b9c03cea1525f3f73f543ecf06cd58c4 (diff) |
src: expand table command before evaluation

The nested syntax notation results in one single table command which
includes all other objects. This differs from the flat notation where
there is usually one command per object.

This patch adds a previous step to the evaluation phase to expand the
objects that are contained in the table into independent commands, so
both notations have similar representations.

Remove the code to evaluate the nested representation in the evaluation
phase since commands are independently evaluated after the expansion.

The commands are expanded after the set element collapse step, in case
that there is a long list of singleton element commands to be added to
the set, to shorten the command list iteration.

This approach also avoids interference with the object cache that is
populated in the evaluation, which might refer to objects coming in the
existing command list that is being processed.

There is still a post_expand phase to detach the elements from the set
which could be consolidated by updating the evaluation step to handle
the CMD_OBJ_SETELEMS command type.

This patch fixes 27c753e4a8d4 ("rule: expand standalone chain that
contains rules") which broke rule addition/insertion by index because
the expansion code after the evaluation messes up the cache.

Fixes: 27c753e4a8d4 ("rule: expand standalone chain that contains rules")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include')
-rw-r--r-- | include/rule.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/include/rule.h b/include/rule.h index 0828d161..f3db6aab 100644 --- a/include/rule.h +++ b/include/rule.h @@ -736,6 +736,7 @@ extern struct cmd *cmd_alloc(enum cmd_ops op, enum cmd_obj obj, const struct handle *h, const struct location *loc, void *data); extern void nft_cmd_expand(struct cmd *cmd); +extern void nft_cmd_post_expand(struct cmd *cmd); extern bool nft_cmd_collapse(struct list_head *cmds); extern void nft_cmd_uncollapse(struct list_head *cmds); extern struct cmd *cmd_alloc_obj_ct(enum cmd_ops op, int type, |
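
Review bot: the new prototype `extern void nft_cmd_post_expand(struct cmd *cmd);`, added directly below `nft_cmd_expand()` in include/rule.h, has no comment stating when it may be called, and the ordering is the whole point of this fix. The commit message says expansion now happens before evaluation and after the set element collapse step, and that post_expand exists to detach the elements from the set, but none of that is recorded next to the declarations. A short comment above the two prototypes giving the required call order relative to nft_cmd_collapse() and the evaluation step, and noting that post_expand handles the set element detach, would help a later caller avoid reintroducing the cache problem attributed to 27c753e4a8d4. Since the message already flags post_expand as something that could be consolidated into evaluation via CMD_OBJ_SETELEMS, marking it as transitional in that comment would also be useful.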