Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 49 |
1 files changed, 31 insertions, 18 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 94fee64b..4ca32943 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -269,7 +269,7 @@ static int expr_evaluate_primary(struct eval_ctx *ctx, struct expr **expr) static int expr_evaluate_payload(struct eval_ctx *ctx, struct expr **expr) { struct expr *payload = *expr; - enum payload_bases base = payload->payload.base; + enum proto_bases base = payload->payload.base; struct stmt *nstmt; struct expr *nexpr; @@ -290,6 +290,19 @@ static int expr_evaluate_payload(struct eval_ctx *ctx, struct expr **expr) } /* + * CT expression: update the protocol dependant types bases on the protocol + * context. + */ +static int expr_evaluate_ct(struct eval_ctx *ctx, struct expr **expr) +{ + struct expr *ct = *expr; + + ct_expr_update_type(&ctx->pctx, ct); + + return expr_evaluate_primary(ctx, expr); +} + +/* * Prefix expression: the argument must be a constant value of integer base * type; the prefix length must be less than or equal to the type width. */ @@ -916,21 +929,17 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr) left->dtype->desc, right->dtype->desc); /* - * Update payload context for payload and meta iiftype equality - * expressions. + * Update protocol context for payload and meta iiftype + * equality expressions. */ - switch (left->ops->type) { - case EXPR_PAYLOAD: - payload_ctx_update(&ctx->pctx, rel); - break; - case EXPR_META: - payload_ctx_update_meta(&ctx->pctx, rel); - break; - case EXPR_CONCAT: + if (left->flags & EXPR_F_PROTOCOL && + left->ops->pctx_update) + left->ops->pctx_update(&ctx->pctx, rel); + + if (left->ops->type == EXPR_CONCAT) return 0; - default: - break; - } + + /* fall through */ case OP_NEQ: case OP_FLAGCMP: if (!datatype_equal(left->dtype, right->dtype)) 
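Review bot: The header comment added above expr_evaluate_ct has two typos that blur what the function is for: `update the protocol dependant types bases on the protocol context` should read `update the protocol-dependent types based on the protocol context`. The comment could also state that ct_expr_update_type() is deliberately called before expr_evaluate_primary(); whether the primary evaluation reads the updated type is not visible in this hunk, so that ordering is worth a word from the author.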
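Review bot: In expr_evaluate_relational, the new test `left->flags & EXPR_F_PROTOCOL && left->ops->pctx_update` silently skips the protocol-context update when an expression carries the flag but its ops table has no pctx_update hook. The removed switch named the expression types explicitly. The transport-header check in stmt_evaluate_nat reads that same context, so a missed update would presumably surface as a wrong accept or reject far from its cause. If flag-without-hook is intended, say so in a comment at the test; if it is not, report it with BUG() as stmt_evaluate does for unknown statement types. I would also parenthesise and brace the multi-line condition, `if ((left->flags & EXPR_F_PROTOCOL) && left->ops->pctx_update) {`, so the precedence and the controlled statement are unambiguous. The function starts and ends outside the hunk.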
@@ -1046,10 +1055,11 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr) case EXPR_VERDICT: case EXPR_EXTHDR: case EXPR_META: - case EXPR_CT: return expr_evaluate_primary(ctx, expr); case EXPR_PAYLOAD: return expr_evaluate_payload(ctx, expr); + case EXPR_CT: + return expr_evaluate_ct(ctx, expr); case EXPR_PREFIX: return expr_evaluate_prefix(ctx, expr); case EXPR_RANGE: @@ -1117,7 +1127,7 @@ static int stmt_evaluate_reject(struct eval_ctx *ctx, struct stmt *stmt) static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt) { - struct payload_ctx *pctx = &ctx->pctx; + struct proto_ctx *pctx = &ctx->pctx; int err; if (stmt->nat.addr != NULL) { @@ -1133,7 +1143,7 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt) } if (stmt->nat.proto != NULL) { - if (pctx->protocol[PAYLOAD_BASE_TRANSPORT_HDR].desc == NULL) + if (pctx->protocol[PROTO_BASE_TRANSPORT_HDR].desc == NULL) return stmt_binary_error(ctx, stmt->nat.proto, stmt, "transport protocol mapping is only " "valid after transport protocol match"); @@ -1174,6 +1184,8 @@ static int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt) return stmt_evaluate_reject(ctx, stmt); case STMT_NAT: return stmt_evaluate_nat(ctx, stmt); + case STMT_QUEUE: + return 0; default: BUG("unknown statement type %s\n", stmt->ops->name); } @@ -1230,7 +1242,7 @@ static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule) struct stmt *stmt, *tstmt = NULL; struct error_record *erec; - payload_ctx_init(&ctx->pctx, rule->handle.family); + proto_ctx_init(&ctx->pctx, rule->handle.family); memset(&ctx->ectx, 0, sizeof(ctx->ectx)); list_for_each_entry(stmt, &rule->stmts, list) { @@ -1261,6 +1273,7 @@ static uint32_t str2hooknum(uint32_t family, const char *hook) case NFPROTO_IPV4: case NFPROTO_BRIDGE: case NFPROTO_IPV6: + case NFPROTO_INET: /* These families have overlapping values for each hook */ if (!strcmp(hook, "prerouting")) return NF_INET_PRE_ROUTING; |
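Review bot: `case STMT_QUEUE: return 0;` in stmt_evaluate accepts every queue statement without any evaluation, whereas the reject and nat cases just above it each go through a stmt_evaluate_* helper. The statement's fields are not visible in this diff; if it carries operands, out-of-range or inconsistent values would pass the evaluation stage and only be caught, if at all, further down the pipeline. Either add a stmt_evaluate_queue() that checks them, or record the decision at the case with a comment such as `/* queue: no operands need checking at evaluation time */`. stmt_evaluate begins outside the hunk.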