From f4b646032acff4d743ad4f734aaca68e9264bdbb Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Tue, 24 Jun 2025 18:11:06 +0200 Subject: fib: allow to check if route exists in maps f686a17eafa0 ("fib: Support existence check") adds EXPR_F_BOOLEAN as a workaround to infer from the rhs of the relational expression if the fib lookup wants to check for a specific output interface or, instead, simply check for existence. This, however, does not work with maps. The NFT_FIB_F_PRESENT flag can be used both with NFT_FIB_RESULT_OIF and NFT_FIB_RESULT_OFINAME, my understanding is that they serve the same purpose which is to check if a route exists, so they are redundant. Add a 'check' fib result to check for routes while still keeping the inference workaround for backward compatibility, but prefer the new syntax in the listing. Update man nft(8) and tests/py. Fixes: f686a17eafa0 ("fib: Support existence check") Signed-off-by: Pablo Neira Ayuso --- tests/py/inet/fib.t | 6 ++++-- tests/py/inet/fib.t.json | 35 ++++++++++++++++++++++++++++++++--- tests/py/inet/fib.t.json.output | 6 +++--- tests/py/inet/fib.t.payload | 8 +++++++- 4 files changed, 46 insertions(+), 9 deletions(-) (limited to 'tests/py') diff --git a/tests/py/inet/fib.t b/tests/py/inet/fib.t index dbe45d95..f9c03b3a 100644 --- a/tests/py/inet/fib.t +++ b/tests/py/inet/fib.t @@ -13,5 +13,7 @@ fib daddr . iif type local;ok fib daddr . iif type vmap { blackhole : drop, prohibit : drop, unicast : accept };ok fib daddr . oif type local;fail -fib daddr oif exists;ok -fib daddr oif missing;ok +fib daddr check missing;ok +fib daddr oif exists;ok;fib daddr check exists + +fib daddr check vmap { missing : drop, exists : accept };ok diff --git a/tests/py/inet/fib.t.json b/tests/py/inet/fib.t.json index c2989156..c2e9d454 100644 --- a/tests/py/inet/fib.t.json +++ b/tests/py/inet/fib.t.json @@ -103,7 +103,7 @@ "flags": [ "daddr" ], - "result": "oif" + "result": "check" } }, "op": "==", @@ -112,7 +112,7 @@ } ] -# fib daddr oif missing +# fib daddr check missing [ { "match": { @@ -121,7 +121,7 @@ "flags": [ "daddr" ], - "result": "oif" + "result": "check" } }, "op": "==", @@ -130,3 +130,32 @@ } ] +# fib daddr check vmap { missing : drop, exists : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + false, + { + "drop": null + } + ], + [ + true, + { + "accept": null + } + ] + ] + }, + "key": { + "fib": { + "flags": "daddr", + "result": "check" + } + } + } + } +] diff --git a/tests/py/inet/fib.t.json.output b/tests/py/inet/fib.t.json.output index e21f1e72..e8d01669 100644 --- a/tests/py/inet/fib.t.json.output +++ b/tests/py/inet/fib.t.json.output @@ -44,7 +44,7 @@ "left": { "fib": { "flags": "daddr", - "result": "oif" + "result": "check" } }, "op": "==", @@ -53,14 +53,14 @@ } ] -# fib daddr oif missing +# fib daddr check missing [ { "match": { "left": { "fib": { "flags": "daddr", - "result": "oif" + "result": "check" } }, "op": "==", diff --git a/tests/py/inet/fib.t.payload b/tests/py/inet/fib.t.payload index 050857d9..e09a260c 100644 --- a/tests/py/inet/fib.t.payload +++ b/tests/py/inet/fib.t.payload @@ -26,7 +26,13 @@ ip test-ip prerouting [ fib daddr oif present => reg 1 ] [ cmp eq reg 1 0x00000001 ] -# fib daddr oif missing +# fib daddr check missing ip test-ip prerouting [ fib daddr oif present => reg 1 ] [ cmp eq reg 1 0x00000000 ] + +# fib daddr check vmap { missing : drop, exists : accept } + element 00000000 : drop 0 [end] element 00000001 : accept 0 [end] +ip test-ip prerouting + [ fib daddr oif present => reg 1 ] + [ lookup reg 1 set __map%d dreg 0 ] -- cgit v1.2.3