diff options
-rw-r--r-- | src/evaluate.c | 17 | ||||
-rw-r--r-- | tests/py/ip/ct.t | 4 | ||||
-rw-r--r-- | tests/py/ip/ct.t.payload | 19 |
3 files changed, 40 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index c830dcdb..53f636b7 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1266,6 +1266,12 @@ static int expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr, list_for_each_entry_safe(i, next, &(*expr)->expressions, list) { unsigned dsize_bytes; + if (i->etype == EXPR_CT && + (i->ct.key == NFT_CT_SRC || + i->ct.key == NFT_CT_DST)) + return expr_error(ctx->msgs, i, + "specify either ip or ip6 for address matching"); + if (expr_is_constant(*expr) && dtype && off == 0) return expr_binary_error(ctx->msgs, i, *expr, "unexpected concat component, " @@ -1477,6 +1483,17 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr) map->map->ct.key == NFT_CT_DST)) return expr_error(ctx->msgs, map->map, "specify either ip or ip6 for address matching"); + else if (map->map->etype == EXPR_CONCAT) { + struct expr *i; + + list_for_each_entry(i, &map->map->expressions, list) { + if (i->etype == EXPR_CT && + (i->ct.key == NFT_CT_SRC || + i->ct.key == NFT_CT_DST)) + return expr_error(ctx->msgs, i, + "specify either ip or ip6 for address matching"); + } + } expr_set_context(&ctx->ectx, NULL, 0); if (expr_evaluate(ctx, &map->map) < 0) diff --git a/tests/py/ip/ct.t b/tests/py/ip/ct.t index c5ce1274..a387863e 100644 --- a/tests/py/ip/ct.t +++ b/tests/py/ip/ct.t @@ -24,3 +24,7 @@ ct reply ip daddr dead::beef;fail meta mark set ct original daddr map { 1.1.1.1 : 0x00000011 };fail meta mark set ct original ip daddr map { 1.1.1.1 : 0x00000011 };ok +meta mark set ct original saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };fail +meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e };ok +ct original saddr . meta mark { 1.1.1.1 . 0x00000014 };fail +ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 };ok diff --git a/tests/py/ip/ct.t.payload b/tests/py/ip/ct.t.payload index 3348d16d..49f06a84 100644 --- a/tests/py/ip/ct.t.payload +++ b/tests/py/ip/ct.t.payload @@ -65,3 +65,22 @@ ip [ ct load dst_ip => reg 1 , dir original ] [ lookup reg 1 set __map%d dreg 1 ] [ meta set mark with reg 1 ] + +# meta mark set ct original ip saddr . meta mark map { 1.1.1.1 . 0x00000014 : 0x0000001e } +__map%d test-ip4 b +__map%d test-ip4 0 + element 01010101 00000014 : 0000001e 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __map%d dreg 1 ] + [ meta set mark with reg 1 ] + +# ct original ip saddr . meta mark { 1.1.1.1 . 0x00000014 } +__set%d test-ip4 3 +__set%d test-ip4 0 + element 01010101 00000014 : 0 [end] +ip + [ ct load src_ip => reg 1 , dir original ] + [ meta load mark => reg 9 ] + [ lookup reg 1 set __set%d ] |