diff options
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r-- | src/netlink_delinearize.c | 95 |
1 files changed, 79 insertions, 16 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c index 3d98131b..59b50745 100644 --- a/src/netlink_delinearize.c +++ b/src/netlink_delinearize.c @@ -325,9 +325,9 @@ static void netlink_parse_exthdr(struct netlink_parse_ctx *ctx, expr); } -static void netlink_parse_meta(struct netlink_parse_ctx *ctx, - const struct location *loc, - const struct nft_rule_expr *nle) +static void netlink_parse_meta_dreg(struct netlink_parse_ctx *ctx, + const struct location *loc, + const struct nft_rule_expr *nle) { struct expr *expr; @@ -338,6 +338,33 @@ static void netlink_parse_meta(struct netlink_parse_ctx *ctx, expr); } +static void netlink_parse_meta_sreg(struct netlink_parse_ctx *ctx, + const struct location *loc, + const struct nft_rule_expr *nle) +{ + struct stmt *stmt; + struct expr *expr; + + expr = netlink_get_register(ctx, loc, + nft_rule_expr_get_u8(nle, NFT_EXPR_META_SREG)); + stmt = meta_stmt_alloc(loc, + nft_rule_expr_get_u8(nle, NFT_EXPR_META_KEY), + expr); + expr_set_type(expr, stmt->meta.tmpl->dtype, stmt->meta.tmpl->byteorder); + + list_add_tail(&stmt->list, &ctx->rule->stmts); +} + +static void netlink_parse_meta(struct netlink_parse_ctx *ctx, + const struct location *loc, + const struct nft_rule_expr *nle) +{ + if (nft_rule_expr_is_set(nle, NFT_EXPR_META_DREG)) + netlink_parse_meta_dreg(ctx, loc, nle); + else + netlink_parse_meta_sreg(ctx, loc, nle); +} + static void netlink_parse_ct(struct netlink_parse_ctx *ctx, const struct location *loc, const struct nft_rule_expr *nle) @@ -481,6 +508,20 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx, list_add_tail(&stmt->list, &ctx->rule->stmts); } +static void netlink_parse_queue(struct netlink_parse_ctx *ctx, + const struct location *loc, + const struct nft_rule_expr *nle) +{ + struct stmt *stmt; + + stmt = queue_stmt_alloc(loc); + stmt->queue.queuenum = nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_NUM); + stmt->queue.queues_total = + nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_TOTAL); + stmt->queue.flags = nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_FLAGS); + list_add_tail(&stmt->list, &ctx->rule->stmts); +} + static const struct { const char *name; void (*parse)(struct netlink_parse_ctx *ctx, @@ -501,6 +542,7 @@ static const struct { { .name = "limit", .parse = netlink_parse_limit }, { .name = "reject", .parse = netlink_parse_reject }, { .name = "nat", .parse = netlink_parse_nat }, + { .name = "queue", .parse = netlink_parse_queue }, }; static const struct input_descriptor indesc_netlink = { @@ -531,8 +573,8 @@ static int netlink_parse_expr(struct nft_rule_expr *nle, void *arg) } struct rule_pp_ctx { - struct payload_ctx pctx; - enum payload_bases pbase; + struct proto_ctx pctx; + enum proto_bases pbase; struct stmt *pdep; }; @@ -541,15 +583,24 @@ struct rule_pp_ctx { */ static void payload_dependency_kill(struct rule_pp_ctx *ctx, struct expr *expr) { - if (ctx->pbase != PAYLOAD_BASE_INVALID && + if (ctx->pbase != PROTO_BASE_INVALID && ctx->pbase == expr->payload.base - 1 && ctx->pdep != NULL) { list_del(&ctx->pdep->list); stmt_free(ctx->pdep); + ctx->pbase = PROTO_BASE_INVALID; ctx->pdep = NULL; } } +static void payload_dependency_store(struct rule_pp_ctx *ctx, + struct stmt *stmt, + enum proto_bases base) +{ + ctx->pbase = base; + ctx->pdep = stmt; +} + static void payload_match_postprocess(struct rule_pp_ctx *ctx, struct stmt *stmt, struct expr *expr) { @@ -570,7 +621,7 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx, nexpr = relational_expr_alloc(&expr->location, expr->op, left, tmp); - payload_ctx_update(&ctx->pctx, nexpr); + left->ops->pctx_update(&ctx->pctx, nexpr); nstmt = expr_stmt_alloc(&stmt->location, nexpr); list_add_tail(&nstmt->list, &stmt->list); @@ -579,11 +630,11 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx, * kill it later on if made redundant by a higher layer * payload expression. */ - if (ctx->pbase == PAYLOAD_BASE_INVALID && - left->payload.flags & PAYLOAD_PROTOCOL_EXPR) { - ctx->pbase = left->payload.base; - ctx->pdep = nstmt; - } else + if (ctx->pbase == PROTO_BASE_INVALID && + left->flags & EXPR_F_PROTOCOL) + payload_dependency_store(ctx, nstmt, + left->payload.base); + else payload_dependency_kill(ctx, nexpr->left); } list_del(&stmt->list); @@ -593,16 +644,24 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx, payload_expr_complete(left, &ctx->pctx); expr_set_type(expr->right, expr->left->dtype, expr->left->byteorder); + payload_dependency_kill(ctx, expr->left); break; } } -static void meta_match_postprocess(struct payload_ctx *ctx, +static void meta_match_postprocess(struct rule_pp_ctx *ctx, + struct stmt *stmt, const struct expr *expr) { + struct expr *left = expr->left; + switch (expr->op) { case OP_EQ: - payload_ctx_update_meta(ctx, expr); + expr->left->ops->pctx_update(&ctx->pctx, expr); + + if (ctx->pbase == PROTO_BASE_INVALID && + left->flags & EXPR_F_PROTOCOL) + payload_dependency_store(ctx, stmt, left->meta.base); break; default: break; @@ -723,7 +782,7 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, switch (expr->left->ops->type) { case EXPR_META: - meta_match_postprocess(&ctx->pctx, expr); + meta_match_postprocess(ctx, stmt, expr); break; case EXPR_BINOP: relational_binop_postprocess(expr); @@ -779,13 +838,17 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r struct stmt *stmt, *next; memset(&rctx, 0, sizeof(rctx)); - payload_ctx_init(&rctx.pctx, rule->handle.family); + proto_ctx_init(&rctx.pctx, rule->handle.family); list_for_each_entry_safe(stmt, next, &rule->stmts, list) { switch (stmt->ops->type) { case STMT_EXPRESSION: expr_postprocess(&rctx, stmt, &stmt->expr); break; + case STMT_META: + if (stmt->meta.expr != NULL) + expr_postprocess(&rctx, stmt, &stmt->meta.expr); + break; case STMT_NAT: if (stmt->nat.addr != NULL) expr_postprocess(&rctx, stmt, &stmt->nat.addr); |