diff options
| author | Jeremy Sowden <jeremy@azazel.net> | 2022-01-15 18:27:07 +0000 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2022-01-15 20:17:41 +0100 |
| commit | a2086fea4a243ef449a0ccc3bf9486d7b12ee0f3 (patch) | |
| tree | e582f5af5c8e555f1c4bc7d742b6b0b8bfc072f3 /src/netlink_delinearize.c | |
| parent | 8f85d9f4469e50ade883b652ab3c112c90d477c3 (diff) | |
src: store more than one payload dependency
Change the payload-dependency context to store a dependency for every
protocol layer. This allows us to eliminate more redundant protocol
expressions.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/netlink_delinearize.c')
| -rw-r--r-- | src/netlink_delinearize.c | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 068d305b..6619b412 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -2126,11 +2126,12 @@ static void ct_meta_common_postprocess(struct rule_pp_ctx *ctx, relational_expr_pctx_update(&ctx->pctx, expr); - if (ctx->pdctx.pbase < PROTO_BASE_TRANSPORT_HDR) { + if (base < PROTO_BASE_TRANSPORT_HDR) { if (payload_dependency_exists(&ctx->pdctx, base) && meta_may_dependency_kill(&ctx->pdctx, ctx->pctx.family, expr)) - payload_dependency_release(&ctx->pdctx); + payload_dependency_release(&ctx->pdctx, base); + if (left->flags & EXPR_F_PROTOCOL) payload_dependency_store(&ctx->pdctx, ctx->stmt, base); } @@ -2660,7 +2661,8 @@ static void stmt_reject_postprocess(struct rule_pp_ctx *rctx) if (stmt->reject.type == NFT_REJECT_TCP_RST && payload_dependency_exists(&rctx->pdctx, PROTO_BASE_TRANSPORT_HDR)) - payload_dependency_release(&rctx->pdctx); + payload_dependency_release(&rctx->pdctx, + PROTO_BASE_TRANSPORT_HDR); break; case NFPROTO_IPV6: stmt->reject.family = rctx->pctx.family; @@ -2668,7 +2670,8 @@ static void stmt_reject_postprocess(struct rule_pp_ctx *rctx) if (stmt->reject.type == NFT_REJECT_TCP_RST && payload_dependency_exists(&rctx->pdctx, PROTO_BASE_TRANSPORT_HDR)) - payload_dependency_release(&rctx->pdctx); + payload_dependency_release(&rctx->pdctx, + PROTO_BASE_TRANSPORT_HDR); break; case NFPROTO_INET: case NFPROTO_BRIDGE: @@ -2702,7 +2705,8 @@ static void stmt_reject_postprocess(struct rule_pp_ctx *rctx) } if (payload_dependency_exists(&rctx->pdctx, PROTO_BASE_NETWORK_HDR)) - payload_dependency_release(&rctx->pdctx); + payload_dependency_release(&rctx->pdctx, + PROTO_BASE_NETWORK_HDR); break; default: break; |