author | Arturo Borrero Gonzalez <arturo@netfilter.org> | 2018-02-25 18:30:24 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-02-25 23:09:02 +0100 |
commit | 8c61fa70f3cebed06b23292a3467f1dbc1b96ce9 (patch) | |
tree | 46f4550c256a590094c0e732077675d40a73051a /src | |
parent | ba00c6b18ee2bf3bc100226ecc2e6bfd779eb482 (diff) |
meta: introduce datatype ifname_type
This new datatype is a string subtype.
It will allow us to build named maps/sets using meta keys like 'iifname',
'oifname', 'ibriport' or 'obriport'.
Example:
table inet t {
set s {
type ifname
elements = { "eth0",
"eth1" }
}
chain c {
iifname @s accept
oifname @s accept
}
}
Signed-off-by: Arturo Borrero Gonzalez <arturo@netfilter.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/datatype.c | 1 | ||||
-rw-r--r-- | src/evaluate.c | 9 | ||||
-rw-r--r-- | src/meta.c | 17 | ||||
-rw-r--r-- | src/netlink_delinearize.c | 13 | ||||
-rw-r--r-- | src/netlink_linearize.c | 2 |
5 files changed, 26 insertions, 16 deletions
diff --git a/src/datatype.c b/src/datatype.c index 93726caf..324ac802 100644 --- a/src/datatype.c +++ b/src/datatype.c @@ -68,6 +68,7 @@ static const struct datatype *datatypes[TYPE_MAX + 1] = { [TYPE_ECN] = &ecn_type, [TYPE_FIB_ADDR] = &fib_addr_type, [TYPE_BOOLEAN] = &boolean_type, + [TYPE_IFNAME] = &ifname_type, }; const struct datatype *datatype_lookup(enum datatypes type) diff --git a/src/evaluate.c b/src/evaluate.c index e5ad1044..c98749d9 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -245,7 +245,7 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp) /* We need to reallocate the constant expression with the right * expression length to avoid problems on big endian. */ - value = constant_expr_alloc(&expr->location, &string_type, + value = constant_expr_alloc(&expr->location, ctx->ectx.dtype, BYTEORDER_HOST_ENDIAN, expr->len, data); expr_free(expr); @@ -260,20 +260,20 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp) memset(unescaped_str, 0, sizeof(unescaped_str)); xstrunescape(data, unescaped_str); - value = constant_expr_alloc(&expr->location, &string_type, + value = constant_expr_alloc(&expr->location, ctx->ectx.dtype, BYTEORDER_HOST_ENDIAN, expr->len, unescaped_str); expr_free(expr); *exprp = value; return 0; } - value = constant_expr_alloc(&expr->location, &string_type, + value = constant_expr_alloc(&expr->location, ctx->ectx.dtype, BYTEORDER_HOST_ENDIAN, datalen * BITS_PER_BYTE, data); prefix = prefix_expr_alloc(&expr->location, value, datalen * BITS_PER_BYTE); - prefix->dtype = &string_type; + prefix->dtype = ctx->ectx.dtype; prefix->flags |= EXPR_F_CONSTANT; prefix->byteorder = BYTEORDER_HOST_ENDIAN; @@ -1769,6 +1769,7 @@ static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp) meta->meta.key == NFT_META_NFPROTO) return expr_error(ctx->msgs, meta, "meta nfproto is only useful in the inet family"); + return expr_evaluate_primary(ctx, exprp); } 
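Review bot: In expr_evaluate_string the three constant_expr_alloc() calls and the `prefix->dtype` assignment now take their type from `ctx->ectx.dtype` without checking that it is set or string-based; this applies to the hunk at -245 and again to the hunk at -260. Whether a caller can reach this function with no expression context, or with one left over from a non-string left-hand side, is not visible here, but if it can, the constant is silently given that type (or a NULL dtype) instead of a string type. A guarded local would keep the previous behaviour as the fallback: `const struct datatype *dtype = ctx->ectx.dtype ? ctx->ectx.dtype : &string_type;`. The function starts and ends outside both hunks, so the surrounding length handling should be checked against the new fixed-size type as well.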
@@ -369,6 +369,15 @@ const struct datatype devgroup_type = { .flags = DTYPE_F_PREFIX, }; +const struct datatype ifname_type = { + .type = TYPE_IFNAME, + .name = "ifname", + .desc = "network interface name", + .byteorder = BYTEORDER_HOST_ENDIAN, + .size = IFNAMSIZ * BITS_PER_BYTE, + .basetype = &string_type, +}; + static const struct meta_template meta_templates[] = { [NFT_META_LEN] = META_TEMPLATE("length", &integer_type, 4 * 8, BYTEORDER_HOST_ENDIAN), @@ -384,14 +393,14 @@ static const struct meta_template meta_templates[] = { 4 * 8, BYTEORDER_HOST_ENDIAN), [NFT_META_IIF] = META_TEMPLATE("iif", &ifindex_type, 4 * 8, BYTEORDER_HOST_ENDIAN), - [NFT_META_IIFNAME] = META_TEMPLATE("iifname", &string_type, + [NFT_META_IIFNAME] = META_TEMPLATE("iifname", &ifname_type, IFNAMSIZ * BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), [NFT_META_IIFTYPE] = META_TEMPLATE("iiftype", &arphrd_type, 2 * 8, BYTEORDER_HOST_ENDIAN), [NFT_META_OIF] = META_TEMPLATE("oif", &ifindex_type, 4 * 8, BYTEORDER_HOST_ENDIAN), - [NFT_META_OIFNAME] = META_TEMPLATE("oifname", &string_type, + [NFT_META_OIFNAME] = META_TEMPLATE("oifname", &ifname_type, IFNAMSIZ * BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), [NFT_META_OIFTYPE] = META_TEMPLATE("oiftype", &arphrd_type, @@ -404,10 +413,10 @@ static const struct meta_template meta_templates[] = { 1 , BYTEORDER_HOST_ENDIAN), [NFT_META_RTCLASSID] = META_TEMPLATE("rtclassid", &realm_type, 4 * 8, BYTEORDER_HOST_ENDIAN), - [NFT_META_BRI_IIFNAME] = META_TEMPLATE("ibriport", &string_type, + [NFT_META_BRI_IIFNAME] = META_TEMPLATE("ibriport", &ifname_type, IFNAMSIZ * BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), - [NFT_META_BRI_OIFNAME] = META_TEMPLATE("obriport", &string_type, + [NFT_META_BRI_OIFNAME] = META_TEMPLATE("obriport", &ifname_type, IFNAMSIZ * BITS_PER_BYTE, BYTEORDER_HOST_ENDIAN), [NFT_META_PKTTYPE] = META_TEMPLATE("pkttype", &pkttype_type, diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 622425ee..a1f0e923 100644 --- a/src/netlink_delinearize.c 
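Review bot: `ifname_type` (hunk at -369) declares a fixed `.size = IFNAMSIZ * BITS_PER_BYTE` but has no parse callback and no comment, so the length limit on user-supplied names such as the set elements in the commit message is enforced only by whatever `string_type` and the evaluation path do, neither of which this hunk shows. Since IFNAMSIZ counts the terminating NUL, a comment above the definition would record the contract, for example `/* interface name: at most IFNAMSIZ - 1 characters plus NUL; presumably parsed and printed via the string_type basetype */`. A test with an element of IFNAMSIZ or more characters would confirm that over-long names are rejected rather than truncated, because a truncated name in an accept set would match a different interface than the one the rule author wrote. The four `meta_templates` entries in the hunks at -384 and -404 repeat the same `IFNAMSIZ * BITS_PER_BYTE` length and could carry the same reference.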
+++ b/src/netlink_delinearize.c @@ -271,9 +271,8 @@ static void netlink_parse_cmp(struct netlink_parse_ctx *ctx, right = netlink_alloc_value(loc, &nld); if (left->len > right->len && - left->dtype != &string_type) { - return netlink_error(ctx, loc, - "Relational expression size mismatch"); + expr_basetype(left) != &string_type) { + return netlink_error(ctx, loc, "Relational expression size mismatch"); } else if (left->len > 0 && left->len < right->len) { left = netlink_parse_concat_expr(ctx, loc, sreg, right->len); if (left == NULL) @@ -1728,7 +1727,7 @@ static struct expr *string_wildcard_expr_alloc(struct location *loc, data[pos] = '*'; data[pos + 1] = '\0'; - return constant_expr_alloc(loc, &string_type, BYTEORDER_HOST_ENDIAN, + return constant_expr_alloc(loc, expr->dtype, BYTEORDER_HOST_ENDIAN, expr->len + BITS_PER_BYTE, data); } @@ -1744,7 +1743,7 @@ static void escaped_string_wildcard_expr_alloc(struct expr **exprp, data[pos - 1] = '\\'; data[pos] = '*'; - tmp = constant_expr_alloc(&expr->location, &string_type, + tmp = constant_expr_alloc(&expr->location, expr->dtype, BYTEORDER_HOST_ENDIAN, expr->len + BITS_PER_BYTE, data); expr_free(expr); @@ -1789,7 +1788,7 @@ static struct expr *expr_postprocess_string(struct expr *expr) { struct expr *mask; - assert(expr->dtype->type == TYPE_STRING); + assert(expr_basetype(expr)->type == TYPE_STRING); if (__expr_postprocess_string(&expr)) return expr; @@ -1893,7 +1892,7 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp) if (expr->byteorder == BYTEORDER_HOST_ENDIAN) mpz_switch_byteorder(expr->value, expr->len / BITS_PER_BYTE); - if (expr->dtype->type == TYPE_STRING) + if (expr_basetype(expr)->type == TYPE_STRING) *exprp = expr_postprocess_string(expr); if (expr->dtype->basetype != NULL && diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 99a4dde2..77abdcb8 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c 
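Review bot: The string check is spelled two ways in this file after the change: netlink_parse_cmp (hunk at -271) compares the pointer, `expr_basetype(left) != &string_type`, while expr_postprocess_string (-1788) and expr_postprocess (-1892) compare `expr_basetype(expr)->type == TYPE_STRING`. Using the `->type` form in netlink_parse_cmp too, `expr_basetype(left)->type != TYPE_STRING`, keeps a single idiom. The same hunk also joins the netlink_error() call onto one line that looks longer than the wrapped lines around it; keeping the original two-line wrap would limit the hunk to the one-token change. In string_wildcard_expr_alloc and escaped_string_wildcard_expr_alloc (-1728, -1743) the constant is now typed `expr->dtype` but still allocated with `expr->len + BITS_PER_BYTE`, so a short comment noting that the wildcard constant may be one byte longer than the declared size of a fixed-size string subtype would help the next reader; all of these functions continue outside their hunks.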
@@ -364,7 +364,7 @@ static void netlink_gen_cmp(struct netlink_linearize_ctx *ctx, return netlink_gen_lookup(ctx, expr, dreg); case EXPR_PREFIX: sreg = get_register(ctx, expr->left); - if (expr->left->dtype->type != TYPE_STRING) { + if (expr_basetype(expr->left)->type != TYPE_STRING) { len = div_round_up(expr->right->len, BITS_PER_BYTE); netlink_gen_expr(ctx, expr->left, sreg); right = netlink_gen_prefix(ctx, expr, sreg); |