diff options
| author | Patrick McHardy <kaber@trash.net> | 2014-01-08 13:02:16 +0000 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2014-01-08 13:02:16 +0000 |
| commit | ffdc2e402e76329c8dde88daab55791d6c6f5dd3 (patch) | |
| tree | 31d19e38c4a46fb943576f6bec935a7931058853 /src/evaluate.c | |
| parent | caa45d4a94ccf62041c1e4dc47310068a41f5f29 (diff) | |
ct expr: protocol context updates and dynamic typing
Include the protocols defined through relational ct expressions in the
protocol context and use the protocol context to dynamically determine
the types of network and transport layer ct expression types.
Before:
$ nft filter output ct proto-dst ssh
<cmdline>:1:28-30: Error: Can't parse symbolic invalid expressions
filter output ct proto-dst ssh
^^^
$ nft filter output ip protocol tcp ct proto-dst ssh
<cmdline>:1:44-46: Error: Can't parse symbolic invalid expressions
filter output ip protocol tcp ct proto-dst ssh
^^^
$ nft filter output ct protocol tcp ct proto-dst ssh
<cmdline>:1:44-46: Error: Can't parse symbolic invalid expressions
filter output ct protocol tcp ct proto-dst ssh
^^^
After:
$ nft filter output ct proto-dst ssh
<cmdline>:1:28-30: Error: Can't parse symbolic invalid expressions
filter output ct proto-dst ssh
^^^
$ nft filter output ip protocol tcp ct proto-dst ssh
$ nft filter output ct protocol tcp ct proto-dst ssh
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'src/evaluate.c')
| -rw-r--r-- | src/evaluate.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 3fe9da4f..257c67ed 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -290,6 +290,19 @@ static int expr_evaluate_payload(struct eval_ctx *ctx, struct expr **expr) } /* + * CT expression: update the protocol dependant types bases on the protocol + * context. + */ +static int expr_evaluate_ct(struct eval_ctx *ctx, struct expr **expr) +{ + struct expr *ct = *expr; + + ct_expr_update_type(&ctx->pctx, ct); + + return expr_evaluate_primary(ctx, expr); +} + +/* * Prefix expression: the argument must be a constant value of integer base * type; the prefix length must be less than or equal to the type width. */ @@ -1042,10 +1055,11 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr) case EXPR_VERDICT: case EXPR_EXTHDR: case EXPR_META: - case EXPR_CT: return expr_evaluate_primary(ctx, expr); case EXPR_PAYLOAD: return expr_evaluate_payload(ctx, expr); + case EXPR_CT: + return expr_evaluate_ct(ctx, expr); case EXPR_PREFIX: return expr_evaluate_prefix(ctx, expr); case EXPR_RANGE: |