src: Interpret OP_NEQ against a set as OP_LOOKUP

Now that the support for inverted matching is in the kernel and in libnftnl, add it to nftables too. This fixes bug #888 Signed-off-by: Anatole Denis <anatole@rezel.net> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Anatole Denis <anatole@rezel.net> 2016-11-24 15:16:20 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2016-11-29 22:49:01 +0100
commit: cc7b37d18a687d53e8724b3104b042e6767a9cef (patch)
tree: f28e1f4934a30d1b3aff0f6aad3beebea8d85ec5 /src/evaluate.c
parent: 601506d95267059c707685a998416221768ae4cf (diff)
1 files changed, 14 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 51d644fe..c841aafd 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1526,6 +1526,20 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
 			if (byteorder_conversion(ctx, &rel->right, left->byteorder) < 0)
 				return -1;
 			break;
+		case EXPR_SET:
+			assert(rel->op == OP_NEQ);
+			right = rel->right =
+				implicit_set_declaration(ctx, "__set%d",
+							 left->dtype, left->len,
+							 right);
+			/* fall through */
+		case EXPR_SET_REF:
+			assert(rel->op == OP_NEQ);
+			/* Data for range lookups needs to be in big endian order */
+			if (right->set->flags & SET_F_INTERVAL &&
+			    byteorder_conversion(ctx, &rel->left, BYTEORDER_BIG_ENDIAN) < 0)
+				return -1;
+			break;
 		default:
 			BUG("invalid expression type %s\n", right->ops->name);
 		}
author	Anatole Denis <anatole@rezel.net>	2016-11-24 15:16:20 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2016-11-29 22:49:01 +0100
commit	cc7b37d18a687d53e8724b3104b042e6767a9cef (patch)
tree	f28e1f4934a30d1b3aff0f6aad3beebea8d85ec5 /src/evaluate.c
parent	601506d95267059c707685a998416221768ae4cf (diff)