diff options
author | Stefano Brivio <sbrivio@redhat.com> | 2020-01-30 01:16:56 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-02-07 13:53:37 +0100 |
commit | 6156ba34018dddd59cb6737cfd5a69a0cbc5eaa4 (patch) | |
tree | 5602a86a1ebef4e82c5d0b3517bb4273a26d6ac6 /src/evaluate.c | |
parent | 9b94127950f9848bc5a1505ae65ca3045ff68a16 (diff) |
src: Add support for NFTNL_SET_DESC_CONCAT
To support arbitrary range concatenations, the kernel needs to know
how long each field in the concatenation is. The new libnftnl
NFTNL_SET_DESC_CONCAT set attribute describes this as an array of
lengths, in bytes, of concatenated fields.
While evaluating concatenated expressions, export the datatype size
into the new field_len array, and hand the data over via libnftnl.
Similarly, when data is passed back from libnftnl, parse it into
the set description.
When set data is cloned, we now need to copy the additional fields
in set_clone(), too.
This change depends on the libnftnl patch with title:
set: Add support for NFTA_SET_DESC_CONCAT attributes
v4: No changes
v3: Rework to use set description data instead of a stand-alone
attribute
v2: No changes
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 14 |
1 files changed, 11 insertions, 3 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 09dd493f..55591f5f 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1217,6 +1217,8 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr, struct expr *i, *next; list_for_each_entry_safe(i, next, &(*expr)->expressions, list) { + unsigned dsize_bytes; + if (expr_is_constant(*expr) && dtype && off == 0) return expr_binary_error(ctx->msgs, i, *expr, "unexpected concat component, " @@ -1241,6 +1243,9 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr, i->dtype->name); ntype = concat_subtype_add(ntype, i->dtype->type); + + dsize_bytes = div_round_up(i->dtype->size, BITS_PER_BYTE); + (*expr)->field_len[(*expr)->field_count++] = dsize_bytes; } (*expr)->flags |= flags; @@ -3345,9 +3350,12 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set) return set_key_data_error(ctx, set, set->key->dtype, type); } - if (set->flags & NFT_SET_INTERVAL && - set->key->etype == EXPR_CONCAT) - return set_error(ctx, set, "concatenated types not supported in interval sets"); + + if (set->flags & NFT_SET_INTERVAL && set->key->etype == EXPR_CONCAT) { + memcpy(&set->desc.field_len, &set->key->field_len, + sizeof(set->desc.field_len)); + set->desc.field_count = set->key->field_count; + } if (set_is_datamap(set->flags)) { if (set->data == NULL) |