diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-02-07 23:53:32 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2024-02-09 16:56:04 +0100 |
| commit | 9fe58952c45a1643dc7df1a0b1f5d88e8ae1a978 (patch) | |
| tree | 444a071b295eb3fab8ed1e578fe391ea7079ae44 /src/evaluate.c | |
| parent | da28f381537415d3278bd0399175b6d82fc14200 (diff) | |
evaluate: skip byteorder conversion for selector smaller than 2 bytes
Add unary expression to trigger byteorder conversion for host byteorder
selectors only if selectors length is larger or equal than 2 bytes.
# cat test.nft
table ip x {
set test {
type ipv4_addr . ether_addr . inet_proto
flags interval
}
chain y {
ip saddr . ether saddr . meta l4proto @test counter
}
}
# nft -f test.nft
ip x y
[ meta load iiftype => reg 1 ]
[ cmp eq reg 1 0x00000001 ]
[ payload load 4b @ network header + 12 => reg 1 ]
[ payload load 6b @ link header + 6 => reg 9 ]
[ meta load l4proto => reg 11 ]
[ byteorder reg 11 = hton(reg 11, 2, 1) ] <--- should not be here
[ lookup reg 1 set test ]
[ counter pkts 0 bytes 0 ]
Fixes: 1017d323cafa ("src: support for selectors with different byteorder with interval concatenations")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
| -rw-r--r-- | src/evaluate.c | 12 |
1 files changed, 7 insertions, 5 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 1b430b72..92e009ef 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -199,12 +199,14 @@ static int byteorder_conversion(struct eval_ctx *ctx, struct expr **expr, assert(basetype == TYPE_INTEGER); - op = byteorder_conversion_op(i, byteorder); - unary = unary_expr_alloc(&i->location, op, i); - if (expr_evaluate(ctx, &unary) < 0) - return -1; + if (div_round_up(i->len, BITS_PER_BYTE) >= 2) { + op = byteorder_conversion_op(i, byteorder); + unary = unary_expr_alloc(&i->location, op, i); + if (expr_evaluate(ctx, &unary) < 0) + return -1; - list_replace(&i->list, &unary->list); + list_replace(&i->list, &unary->list); + } } return 0; |