Diffstat (limited to 'src/evaluate.c')
-rw-r--r--src/evaluate.c49
1 files changed, 31 insertions, 18 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 94fee64b..4ca32943 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -269,7 +269,7 @@ static int expr_evaluate_primary(struct eval_ctx *ctx, struct expr **expr)
static int expr_evaluate_payload(struct eval_ctx *ctx, struct expr **expr)
{
struct expr *payload = *expr;
- enum payload_bases base = payload->payload.base;
+ enum proto_bases base = payload->payload.base;
struct stmt *nstmt;
struct expr *nexpr;
@@ -290,6 +290,19 @@ static int expr_evaluate_payload(struct eval_ctx *ctx, struct expr **expr)
}
/*
+ * CT expression: update the protocol dependant types bases on the protocol
+ * context.
+ */
+static int expr_evaluate_ct(struct eval_ctx *ctx, struct expr **expr)
+{
+ struct expr *ct = *expr;
+
+ ct_expr_update_type(&ctx->pctx, ct);
+
+ return expr_evaluate_primary(ctx, expr);
+}
+
+/*
* Prefix expression: the argument must be a constant value of integer base
* type; the prefix length must be less than or equal to the type width.
*/
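Review bot: The comment added above expr_evaluate_ct has two typos that blur its meaning ("dependant types bases on"); it should read `CT expression: update the protocol dependent types based on the protocol context.` The declaration of ct_expr_update_type is not visible in this hunk, so if it can report failure, its result should be checked before the call to expr_evaluate_primary. The local `ct` is used only once, so `ct_expr_update_type(&ctx->pctx, *expr);` would do the same with one line less.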
@@ -916,21 +929,17 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
left->dtype->desc,
right->dtype->desc);
/*
- * Update payload context for payload and meta iiftype equality
- * expressions.
+ * Update protocol context for payload and meta iiftype
+ * equality expressions.
*/
- switch (left->ops->type) {
- case EXPR_PAYLOAD:
- payload_ctx_update(&ctx->pctx, rel);
- break;
- case EXPR_META:
- payload_ctx_update_meta(&ctx->pctx, rel);
- break;
- case EXPR_CONCAT:
+ if (left->flags & EXPR_F_PROTOCOL &&
+ left->ops->pctx_update)
+ left->ops->pctx_update(&ctx->pctx, rel);
+
+ if (left->ops->type == EXPR_CONCAT)
return 0;
- default:
- break;
- }
+
+ /* fall through */
case OP_NEQ:
case OP_FLAGCMP:
if (!datatype_equal(left->dtype, right->dtype))
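Review bot: The rewritten comment still names only "payload and meta iiftype equality expressions", but the new code calls `pctx_update` for any left-hand expression that has EXPR_F_PROTOCOL set and provides the callback. A comment such as `/* Update the protocol context for equality expressions whose left side is flagged EXPR_F_PROTOCOL and provides a pctx_update callback. */` would match the code. The condition mixes `&` and `&&` without parentheses and the multi-line `if` has no braces; `if ((left->flags & EXPR_F_PROTOCOL) && left->ops->pctx_update != NULL) {` reads unambiguously and keeps the indirect call visibly guarded by the NULL check. The `/* fall through */` marker is worth keeping, since the early `return 0` for EXPR_CONCAT now sits directly above the next case labels. expr_evaluate_relational starts and ends outside this hunk.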
@@ -1046,10 +1055,11 @@ static int expr_evaluate(struct eval_ctx *ctx, struct expr **expr)
case EXPR_VERDICT:
case EXPR_EXTHDR:
case EXPR_META:
- case EXPR_CT:
return expr_evaluate_primary(ctx, expr);
case EXPR_PAYLOAD:
return expr_evaluate_payload(ctx, expr);
+ case EXPR_CT:
+ return expr_evaluate_ct(ctx, expr);
case EXPR_PREFIX:
return expr_evaluate_prefix(ctx, expr);
case EXPR_RANGE:
@@ -1117,7 +1127,7 @@ static int stmt_evaluate_reject(struct eval_ctx *ctx, struct stmt *stmt)
static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
{
- struct payload_ctx *pctx = &ctx->pctx;
+ struct proto_ctx *pctx = &ctx->pctx;
int err;
if (stmt->nat.addr != NULL) {
@@ -1133,7 +1143,7 @@ static int stmt_evaluate_nat(struct eval_ctx *ctx, struct stmt *stmt)
}
if (stmt->nat.proto != NULL) {
- if (pctx->protocol[PAYLOAD_BASE_TRANSPORT_HDR].desc == NULL)
+ if (pctx->protocol[PROTO_BASE_TRANSPORT_HDR].desc == NULL)
return stmt_binary_error(ctx, stmt->nat.proto, stmt,
"transport protocol mapping is only "
"valid after transport protocol match");
@@ -1174,6 +1184,8 @@ static int stmt_evaluate(struct eval_ctx *ctx, struct stmt *stmt)
return stmt_evaluate_reject(ctx, stmt);
case STMT_NAT:
return stmt_evaluate_nat(ctx, stmt);
+ case STMT_QUEUE:
+ return 0;
default:
BUG("unknown statement type %s\n", stmt->ops->name);
}
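Review bot: The new `case STMT_QUEUE:` returns 0 with no checks, whereas the neighbouring cases each delegate to a `stmt_evaluate_*` helper. The layout of the queue statement is not visible here, so this may be correct, but if it carries user-supplied fields, their range and consistency checks belong in the evaluation step rather than being left to later stages. If there really is nothing to validate, say so at the case, e.g. `/* queue statement has no expressions or fields to evaluate */`, so that the bare `return 0` is not mistaken for an omission.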
@@ -1230,7 +1242,7 @@ static int rule_evaluate(struct eval_ctx *ctx, struct rule *rule)
struct stmt *stmt, *tstmt = NULL;
struct error_record *erec;
- payload_ctx_init(&ctx->pctx, rule->handle.family);
+ proto_ctx_init(&ctx->pctx, rule->handle.family);
memset(&ctx->ectx, 0, sizeof(ctx->ectx));
list_for_each_entry(stmt, &rule->stmts, list) {
@@ -1261,6 +1273,7 @@ static uint32_t str2hooknum(uint32_t family, const char *hook)
case NFPROTO_IPV4:
case NFPROTO_BRIDGE:
case NFPROTO_IPV6:
+ case NFPROTO_INET:
/* These families have overlapping values for each hook */
if (!strcmp(hook, "prerouting"))
return NF_INET_PRE_ROUTING;