diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-09-20 19:25:25 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-10-17 17:55:56 +0200 |
| commit | 3ed932917cc744b489bd2706a55a1778b0b50c0e (patch) | |
| tree | 96f226969cab52a9c29510378612751713f78d98 /src/netlink_linearize.c | |
| parent | f55ccf9ea1061f8e50065c0cc6b3ed93523f0b97 (diff) | |
src: use new range expression for != [a,b] intervals
Use new range expression in the kernel to fix wrong bytecode generation.
This patch also adjust tests so we don't hit problems there.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/netlink_linearize.c')
| -rw-r--r-- | src/netlink_linearize.c | 46 |
1 files changed, 21 insertions, 25 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 558deb23..0072dca0 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -368,45 +368,41 @@ static void netlink_gen_range(struct netlink_linearize_ctx *ctx, sreg = get_register(ctx, expr->left); netlink_gen_expr(ctx, expr->left, sreg); - nle = alloc_nft_expr("cmp"); - netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); switch (expr->op) { case OP_NEQ: - nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, - netlink_gen_cmp_op(OP_LT)); + nle = alloc_nft_expr("range"); + netlink_put_register(nle, NFTNL_EXPR_RANGE_SREG, sreg); + nftnl_expr_set_u32(nle, NFTNL_EXPR_RANGE_OP, NFT_RANGE_NEQ); + netlink_gen_data(range->left, &nld); + nftnl_expr_set(nle, NFTNL_EXPR_RANGE_FROM_DATA, + nld.value, nld.len); + netlink_gen_data(range->right, &nld); + nftnl_expr_set(nle, NFTNL_EXPR_RANGE_TO_DATA, + nld.value, nld.len); + nftnl_rule_add_expr(ctx->nlr, nle); break; case OP_RANGE: case OP_EQ: + nle = alloc_nft_expr("cmp"); + netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, netlink_gen_cmp_op(OP_GTE)); - break; - default: - BUG("invalid range operation %u\n", expr->op); - } - - netlink_gen_data(range->left, &nld); - nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); - nftnl_rule_add_expr(ctx->nlr, nle); + netlink_gen_data(range->left, &nld); + nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); + nftnl_rule_add_expr(ctx->nlr, nle); - nle = alloc_nft_expr("cmp"); - netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); - switch (expr->op) { - case OP_NEQ: - nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, - netlink_gen_cmp_op(OP_GT)); - break; - case OP_RANGE: - case OP_EQ: + nle = alloc_nft_expr("cmp"); + netlink_put_register(nle, NFTNL_EXPR_CMP_SREG, sreg); nftnl_expr_set_u32(nle, NFTNL_EXPR_CMP_OP, netlink_gen_cmp_op(OP_LTE)); + netlink_gen_data(range->right, &nld); + nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); + nftnl_rule_add_expr(ctx->nlr, nle); break; default: BUG("invalid range operation %u\n", expr->op); - } - netlink_gen_data(range->right, &nld); - nftnl_expr_set(nle, NFTNL_EXPR_CMP_DATA, nld.value, nld.len); - nftnl_rule_add_expr(ctx->nlr, nle); + } release_register(ctx, expr->left); } |