diff options
| author | Manuel Messner <mm@skelett.io> | 2017-02-07 03:14:14 +0100 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2017-02-12 15:34:47 +0100 |
| commit | 055e1d6d343cb6a39938d6660c3fc66f242c7e7f (patch) | |
| tree | e76c14021c444aec58c8fb522edae8b3940e062a | |
| parent | c17509c6d1948f28f8cda71fef79447ec273573d (diff) | |
payload: automatically kill dependencies for exthdr and tcpopt
This patch automatically removes the dependencies for exthdr and tcpopt.
# nft add rule filter input tcp option maxseg kind 3 counter.
# nft list table filter input
Before:
# ip protocol 6 tcp option maxseg kind 3 counter
After:
# tcp option maxseg kind 3 counter
Thus allowing to write tests as follows:
# tcp option maxseg kind 3;ok
Signed-off-by: Manuel Messner <mm@skelett.io>
Signed-off-by: Florian Westphal <fw@strlen.de>
| -rw-r--r-- | include/payload.h | 2 | ||||
| -rw-r--r-- | src/netlink_delinearize.c | 2 | ||||
| -rw-r--r-- | src/payload.c | 14 |
3 files changed, 17 insertions, 1 deletions
diff --git a/include/payload.h b/include/payload.h index 5952b24f..a3d23095 100644 --- a/include/payload.h +++ b/include/payload.h @@ -42,6 +42,8 @@ extern void __payload_dependency_kill(struct payload_dep_ctx *ctx, enum proto_bases base); extern void payload_dependency_kill(struct payload_dep_ctx *ctx, struct expr *expr); +extern void exthdr_dependency_kill(struct payload_dep_ctx *ctx, + struct expr *expr); extern bool payload_can_merge(const struct expr *e1, const struct expr *e2); extern struct expr *payload_expr_join(const struct expr *e1, diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 1e94af49..90553836 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -1841,7 +1841,7 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp) expr_postprocess(ctx, &expr->key); break; case EXPR_EXTHDR: - __payload_dependency_kill(&ctx->pdctx, PROTO_BASE_NETWORK_HDR); + exthdr_dependency_kill(&ctx->pdctx, expr); break; case EXPR_SET_REF: case EXPR_META: diff --git a/src/payload.c b/src/payload.c index 0207296e..169954ba 100644 --- a/src/payload.c +++ b/src/payload.c @@ -410,6 +410,20 @@ void payload_dependency_kill(struct payload_dep_ctx *ctx, struct expr *expr) __payload_dependency_kill(ctx, expr->payload.base); } +void exthdr_dependency_kill(struct payload_dep_ctx *ctx, struct expr *expr) +{ + switch (expr->exthdr.op) { + case NFT_EXTHDR_OP_TCPOPT: + __payload_dependency_kill(ctx, PROTO_BASE_TRANSPORT_HDR); + break; + case NFT_EXTHDR_OP_IPV6: + __payload_dependency_kill(ctx, PROTO_BASE_NETWORK_HDR); + break; + default: + break; + } +} + /** * payload_expr_complete - fill in type information of a raw payload expr * |