diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2020-01-30 01:16:56 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-07 13:53:37 +0100 |
commit | 6156ba34018dddd59cb6737cfd5a69a0cbc5eaa4 (patch) | |
tree | 5602a86a1ebef4e82c5d0b3517bb4273a26d6ac6 /include | |
parent | 9b94127950f9848bc5a1505ae65ca3045ff68a16 (diff) |
src: Add support for NFTNL_SET_DESC_CONCAT
To support arbitrary range concatenations, the kernel needs to know
how long each field in the concatenation is. The new libnftnl
NFTNL_SET_DESC_CONCAT set attribute describes this as an array of
lengths, in bytes, of concatenated fields.
While evaluating concatenated expressions, export the datatype size
into the new field_len array, and hand the data over via libnftnl.
Similarly, when data is passed back from libnftnl, parse it into
the set description.
When set data is cloned, we now need to copy the additional fields
in set_clone(), too.
This change depends on the libnftnl patch with title:
set: Add support for NFTA_SET_DESC_CONCAT attributes
v4: No changes
v3: Rework to use set description data instead of a stand-alone
attribute
v2: No changes
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r-- | include/expression.h | 2 | ||||
-rw-r--r-- | include/rule.h | 6 |
2 files changed, 7 insertions, 1 deletions
diff --git a/include/expression.h b/include/expression.h index b3e79c49..6196be58 100644 --- a/include/expression.h +++ b/include/expression.h @@ -261,6 +261,8 @@ struct expr { struct list_head expressions; unsigned int size; uint32_t set_flags; + uint8_t field_len[NFT_REG32_COUNT]; + uint8_t field_count; }; struct { /* EXPR_SET_REF */ diff --git a/include/rule.h b/include/rule.h index d5b31765..a7f106f7 100644 --- a/include/rule.h +++ b/include/rule.h @@ -289,7 +289,9 @@ extern struct rule *rule_lookup_by_index(const struct chain *chain, * @rg_cache: cached range element (left) * @policy: set mechanism policy * @automerge: merge adjacents and overlapping elements, if possible - * @desc: set mechanism desc + * @desc.size: count of set elements + * @desc.field_len: length of single concatenated fields, bytes + * @desc.field_count: count of concatenated fields */ struct set { struct list_head list; @@ -310,6 +312,8 @@ struct set { bool key_typeof_valid; struct { uint32_t size; + uint8_t field_len[NFT_REG32_COUNT]; + uint8_t field_count; } desc; }; |