netlink: do binop postprocessing also for map lookups

old nft list:
mark set unknown unknown & 0xfff [invalid type] map { 3 : 0x00000017, 1 : 0x0000002a}
new:
mark set vlan id map { 3 : 0x00000017, 1 : 0x0000002a}

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

5 files changed, 55 insertions, 0 deletions

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 724d52f7..76d598ca 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1204,6 +1204,18 @@ static void binop_postprocess(struct rule_pp_ctx *ctx, struct expr *expr)
 	}
 }
 
+static void map_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *expr)
+{
+	struct expr *binop = expr->left;
+
+	if (binop->op != OP_AND)
+		return;
+
+	if (binop->left->ops->type == EXPR_PAYLOAD &&
+	    binop->right->ops->type == EXPR_VALUE)
+		binop_postprocess(ctx, expr);
+}
+
 static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *expr)
 {
 	struct expr *binop = expr->left, *value = expr->right;
@@ -1356,6 +1368,14 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
 
 	switch (expr->ops->type) {
 	case EXPR_MAP:
+		switch (expr->map->ops->type) {
+		case EXPR_BINOP:
+			map_binop_postprocess(ctx, expr);
+			break;
+		default:
+			break;
+		}
+
 		expr_postprocess(ctx, &expr->map);
 		expr_postprocess(ctx, &expr->mappings);
 		break;
diff --git a/tests/py/inet/map.t b/tests/py/inet/map.t
index f48afcd2..5075540b 100644
--- a/tests/py/inet/map.t
+++ b/tests/py/inet/map.t
@@ -6,3 +6,4 @@
 *netdev;test-netdev;ingress
 
 mark set ip saddr map { 10.2.3.2 : 0x0000002a, 10.2.3.1 : 0x00000017};ok;mark set ip saddr map { 10.2.3.1 : 0x00000017, 10.2.3.2 : 0x0000002a}
+mark set ip hdrlength map { 5 : 0x00000017, 4 : 0x00000001};ok;mark set ip hdrlength map { 4 : 0x00000001, 5 : 0x00000017}
diff --git a/tests/py/inet/map.t.payload.inet b/tests/py/inet/map.t.payload.inet
index 73e68b60..a0ff003b 100644
--- a/tests/py/inet/map.t.payload.inet
+++ b/tests/py/inet/map.t.payload.inet
@@ -9,3 +9,15 @@ inet test-inet input
   [ lookup reg 1 set map%d dreg 1 ]
   [ meta set mark with reg 1 ]
 
+# mark set ip hdrlength map { 5 : 0x00000017, 4 : 0x00000001}
+map%d test-inet b
+map%d test-inet 0
+	element 00000005  : 00000017 0 [end]	element 00000004  : 00000001 0 [end]
+inet test-inet input
+  [ meta load nfproto => reg 1 ]
+  [ cmp eq reg 1 0x00000002 ]
+  [ payload load 1b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ]
+  [ lookup reg 1 set map%d dreg 1 ]
+  [ meta set mark with reg 1 ]
+
diff --git a/tests/py/inet/map.t.payload.ip b/tests/py/inet/map.t.payload.ip
index 54b9583a..465a55ae 100644
--- a/tests/py/inet/map.t.payload.ip
+++ b/tests/py/inet/map.t.payload.ip
@@ -7,3 +7,13 @@ ip test-ip input
   [ lookup reg 1 set map%d dreg 1 ]
   [ meta set mark with reg 1 ]
 
+# mark set ip hdrlength map { 5 : 0x00000017, 4 : 0x00000001}
+map%d test-ip4 b
+map%d test-ip4 0
+	element 00000004  : 00000001 0 [end]	element 00000005  : 00000017 0 [end]
+ip test-ip4 input
+  [ payload load 1b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ]
+  [ lookup reg 1 set map%d dreg 1 ]
+  [ meta set mark with reg 1 ]
+
diff --git a/tests/py/inet/map.t.payload.netdev b/tests/py/inet/map.t.payload.netdev
index 27a3ca8f..fb9260cb 100644
--- a/tests/py/inet/map.t.payload.netdev
+++ b/tests/py/inet/map.t.payload.netdev
@@ -9,3 +9,15 @@ netdev test-netdev ingress
   [ lookup reg 1 set map%d dreg 1 ]
   [ meta set mark with reg 1 ]
 
+# mark set ip hdrlength map { 5 : 0x00000017, 4 : 0x00000001}
+map%d test-netdev b
+map%d test-netdev 0
+	element 00000005  : 00000017 0 [end]	element 00000004  : 00000001 0 [end]
+netdev test-netdev ingress
+  [ meta load protocol => reg 1 ]
+  [ cmp eq reg 1 0x00000008 ]
+  [ payload load 1b @ network header + 0 => reg 1 ]
+  [ bitwise reg 1 = (reg=1 & 0x0000000f ) ^ 0x00000000 ]
+  [ lookup reg 1 set map%d dreg 1 ]
+  [ meta set mark with reg 1 ]
+