author | Patrick McHardy <kaber@trash.net> | 2014-02-17 14:06:44 +0000 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2014-02-17 17:17:18 +0000 |
commit | 0545e0c13b3b7dff4dd53c8a68d8d1066c2829c0 (patch) | |
tree | a2047b0a0d7dd68919a7f5c08e99150534457d41 /src/netlink.c | |
parent | 4a11511e936b5d38837137c9d04f047d4dab2c8f (diff) |
netlink: fix prefix expression handling
The prefix expression handling is full of bugs:
- netlink_gen_data() is used to construct the prefix mask from the full
prefix expression. This is both conceptually wrong, the prefix expression
is *not* data, and buggy, it only assumes network masks and thus only
handles big endian types.
- Prefix expression reconstruction doesn't check whether the mask is a
valid prefix and reconstructs crap otherwise. It doesn't reconstruct
prefixes for anything but network addresses. On top of that it's
needlessly complicated, using the mpz values directly it's a simple
matter of finding the sequence of 1's that extend up to the full width.
- Unnecessary cloning of expressions where a simple refcount increase would
suffice.
Rewrite that code properly.
Signed-off-by: Patrick McHardy <kaber@trash.net>
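The validity check the message asks for (a mask is a prefix only if its one-bits run from the top of the full width with nothing set below them), as an added example that is not code from this commit or from nftables. It assumes the mask is held as a byte array with the most significant byte first instead of the mpz values the message mentions; `prefix_to_mask()` and `mask_to_prefix()` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write plen leading one-bits into out[0..nbytes), most significant byte first. */
static int prefix_to_mask(unsigned int plen, uint8_t *out, size_t nbytes)
{
	size_t i;

	if (plen > nbytes * 8)
		return -1;
	memset(out, 0, nbytes);
	for (i = 0; i < plen / 8; i++)
		out[i] = 0xff;
	if (plen % 8)
		out[i] = (uint8_t)(0xff << (8 - plen % 8));
	return 0;
}

/* Prefix length if mask is ones from the top bit followed only by zeros, else -1. */
static int mask_to_prefix(const uint8_t *mask, size_t nbytes)
{
	size_t i = 0;
	int plen = 0;

	for (; i < nbytes && mask[i] == 0xff; i++)
		plen += 8;			/* whole bytes of ones */
	if (i < nbytes) {
		uint8_t b = mask[i++];

		for (; b & 0x80; b = (uint8_t)(b << 1))
			plen++;			/* leading ones of the boundary byte */
		if (b != 0)
			return -1;		/* a one after a zero: not a prefix */
	}
	for (; i < nbytes; i++)
		if (mask[i] != 0)
			return -1;		/* everything below must be zero */
	return plen;
}

int main(void)
{
	/* Constructed sample masks: 255.255.254.0 and the non-contiguous 255.0.255.0 */
	const uint8_t ok[4] = { 0xff, 0xff, 0xfe, 0x00 }, bad[4] = { 0xff, 0x00, 0xff, 0x00 };

	printf("%d %d\n", mask_to_prefix(ok, 4), mask_to_prefix(bad, 4));
	return 0;
}
```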
Diffstat (limited to 'src/netlink.c')
-rw-r--r-- | src/netlink.c | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/src/netlink.c b/src/netlink.c index 6e797dcf..07af1cb8 100644 --- a/src/netlink.c +++ b/src/netlink.c @@ -252,31 +252,6 @@ static void netlink_gen_verdict(const struct expr *expr, } } -static void netlink_gen_prefix(const struct expr *expr, - struct nft_data_linearize *data) -{ - uint32_t idx; - int32_t i, cidr; - uint32_t mask; - - assert(expr->ops->type == EXPR_PREFIX); - - data->len = div_round_up(expr->prefix->len, BITS_PER_BYTE); - cidr = expr->prefix_len; - - for (i = 0; (uint32_t)i / BITS_PER_BYTE < data->len; i += 32) { - if (cidr - i >= 32) - mask = 0xffffffff; - else if (cidr - i > 0) - mask = (1 << (cidr - i)) - 1; - else - mask = 0; - - idx = i / 32; - data->value[idx] = mask; - } -} - void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data) { switch (expr->ops->type) { @@ -286,8 +261,6 @@ void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data) return netlink_gen_concat_data(expr, data); case EXPR_VERDICT: return netlink_gen_verdict(expr, data); - case EXPR_PREFIX: - return netlink_gen_prefix(expr, data); default: BUG("invalid data expression type %s\n", expr->ops->name); } |
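Review bot: the removal of netlink_gen_prefix() in the first hunk (@@ -252,31 +252,6 @@) should come with a regression test for the cases its mask loop mishandled. `mask = (1 << (cidr - i)) - 1;` sets the low-order bits of each 32-bit word, so a test with a prefix length that is not a multiple of 32, and one with a type that is not in network byte order as the commit message describes, would pin down the behaviour the replacement code is meant to get right.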
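Review bot: in the second hunk (@@ -286,8 +261,6 @@), with `case EXPR_PREFIX:` gone, a prefix expression that still reaches netlink_gen_data() falls through to `default:` and hits `BUG("invalid data expression type %s\n", ...)`. This view is limited to src/netlink.c and shows only deletions, so the converted callers are not visible here; please confirm that every call site that could pass an EXPR_PREFIX is converted in this same commit, and name the new location of the prefix handling in the commit message.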