author | Phil Sutter <phil@nwl.cc> | 2018-01-10 21:32:04 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-01-11 13:20:38 +0100 |
commit | 9a4b513014cfdeaad6d247b72a7924b3a536cfe9 (patch) | |
tree | 4bf67caa47b85400ec036a2562e17f439c3007e4 /include | |
parent | 0b3ccd27e12d1df442aa3eac40a2ccb63d6c6407 (diff) |
src: Don't merge adjacent/overlapping ranges
Previously, when adding multiple ranges to a set they were merged if
overlapping or adjacent. This might cause inconvenience though since it
is afterwards not easily possible anymore to remove one of the merged
ranges again while keeping the others in place.
Since it is not possible to have overlapping ranges, this patch adds a
check for newly added ranges to make sure they don't overlap if merging
is turned off.
Note that it is not possible (yet?) to enable range merging using nft
tool.
Testsuite had to be adjusted as well: One test in tests/py was changed to
avoid adding overlapping ranges, and the test in tests/shell which explicitly
tests for this feature was dropped.
Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/expression.h | 2 | ||||
-rw-r--r-- | include/netlink.h | 2 | ||||
-rw-r--r-- | include/nftables.h | 1 |
3 files changed, 4 insertions, 1 deletions
diff --git a/include/expression.h b/include/expression.h
index 915ce0ba..0a0e178f 100644
--- a/include/expression.h
+++ b/include/expression.h
@@ -419,7 +419,7 @@ extern struct expr *set_expr_alloc(const struct location *loc,
 const struct set *set);
 extern int set_to_intervals(struct list_head *msgs, struct set *set,
 struct expr *init, bool add,
- unsigned int debug_mask);
+ unsigned int debug_mask, bool merge);
 extern void interval_map_decompose(struct expr *set);
 extern struct expr *mapping_expr_alloc(const struct location *loc,
diff --git a/include/netlink.h b/include/netlink.h
index 51cd5c9d..4ec215da 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -42,6 +42,7 @@ extern const struct location netlink_location;
 * @octx: output context
 * @debug_mask: display debugging information
 * @cache: cache context
+ * @range_merge: merge adjacent/overlapping ranges in new set elements
 */
 struct netlink_ctx {
 struct mnl_socket *nf_sock;
@@ -55,6 +56,7 @@ struct netlink_ctx {
 unsigned int debug_mask;
 struct output_ctx *octx;
 struct nft_cache *cache;
+ bool range_merge;
 };
 extern struct nftnl_table *alloc_nftnl_table(const struct handle *h);
diff --git a/include/nftables.h b/include/nftables.h
index 3bfa33e5..f22df0d1 100644
--- a/include/nftables.h
+++ b/include/nftables.h
@@ -31,6 +31,7 @@ struct nft_ctx {
 unsigned int debug_mask;
 struct output_ctx output;
 bool check;
+ bool range_merge;
 struct nft_cache cache;
 uint32_t flags;
 }; |
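Review bot: The new trailing `bool merge` in the `set_to_intervals()` prototype is a second bare boolean alongside `bool add`, and the header has no comment saying what either one means, so a call with two literal `true`/`false` arguments cannot be checked by reading it. This flag decides whether overlapping ranges are folded together or rejected, which changes what a set ends up matching, so it deserves a comment above the prototype, for example `/* @merge: coalesce adjacent/overlapping ranges when true; when false an overlap is reported as an error */`. That wording follows the commit message and should be confirmed against the implementation, which is outside this diff (the view is limited to include/).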
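Review bot: `bool range_merge` in `struct netlink_ctx` (second hunk of include/netlink.h), and the matching field added to `struct nft_ctx` in include/nftables.h, has no visible initialisation, and per the commit message the nft tool cannot set it yet, so its value depends entirely on how each context is created. If any `struct netlink_ctx` is built on the stack without being zeroed, the flag is indeterminate and the overlap check for new ranges may or may not run; the construction sites are outside this diff, so this needs confirming there. Each place that fills a `netlink_ctx` should copy the flag explicitly, along the lines of `ctx.range_merge = nft->range_merge;` (names as at the call site). The `nft_ctx` field also has no description, unlike the `netlink_ctx` one; a comment such as `/* merge adjacent/overlapping ranges in new set elements (default: off) */` would record the intended default.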