summaryrefslogtreecommitdiffstats
path: root/src/netlink_delinearize.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/netlink_delinearize.c')
-rw-r--r--src/netlink_delinearize.c95
1 files changed, 79 insertions, 16 deletions
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 3d98131b..59b50745 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -325,9 +325,9 @@ static void netlink_parse_exthdr(struct netlink_parse_ctx *ctx,
expr);
}
-static void netlink_parse_meta(struct netlink_parse_ctx *ctx,
- const struct location *loc,
- const struct nft_rule_expr *nle)
+static void netlink_parse_meta_dreg(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
{
struct expr *expr;
@@ -338,6 +338,33 @@ static void netlink_parse_meta(struct netlink_parse_ctx *ctx,
expr);
}
+static void netlink_parse_meta_sreg(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
+{
+ struct stmt *stmt;
+ struct expr *expr;
+
+ expr = netlink_get_register(ctx, loc,
+ nft_rule_expr_get_u8(nle, NFT_EXPR_META_SREG));
+ stmt = meta_stmt_alloc(loc,
+ nft_rule_expr_get_u8(nle, NFT_EXPR_META_KEY),
+ expr);
+ expr_set_type(expr, stmt->meta.tmpl->dtype, stmt->meta.tmpl->byteorder);
+
+ list_add_tail(&stmt->list, &ctx->rule->stmts);
+}
+
+static void netlink_parse_meta(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
+{
+ if (nft_rule_expr_is_set(nle, NFT_EXPR_META_DREG))
+ netlink_parse_meta_dreg(ctx, loc, nle);
+ else
+ netlink_parse_meta_sreg(ctx, loc, nle);
+}
+
static void netlink_parse_ct(struct netlink_parse_ctx *ctx,
const struct location *loc,
const struct nft_rule_expr *nle)
@@ -481,6 +508,20 @@ static void netlink_parse_nat(struct netlink_parse_ctx *ctx,
list_add_tail(&stmt->list, &ctx->rule->stmts);
}
+static void netlink_parse_queue(struct netlink_parse_ctx *ctx,
+ const struct location *loc,
+ const struct nft_rule_expr *nle)
+{
+ struct stmt *stmt;
+
+ stmt = queue_stmt_alloc(loc);
+ stmt->queue.queuenum = nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_NUM);
+ stmt->queue.queues_total =
+ nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_TOTAL);
+ stmt->queue.flags = nft_rule_expr_get_u16(nle, NFT_EXPR_QUEUE_FLAGS);
+ list_add_tail(&stmt->list, &ctx->rule->stmts);
+}
+
static const struct {
const char *name;
void (*parse)(struct netlink_parse_ctx *ctx,
@@ -501,6 +542,7 @@ static const struct {
{ .name = "limit", .parse = netlink_parse_limit },
{ .name = "reject", .parse = netlink_parse_reject },
{ .name = "nat", .parse = netlink_parse_nat },
+ { .name = "queue", .parse = netlink_parse_queue },
};
static const struct input_descriptor indesc_netlink = {
@@ -531,8 +573,8 @@ static int netlink_parse_expr(struct nft_rule_expr *nle, void *arg)
}
struct rule_pp_ctx {
- struct payload_ctx pctx;
- enum payload_bases pbase;
+ struct proto_ctx pctx;
+ enum proto_bases pbase;
struct stmt *pdep;
};
@@ -541,15 +583,24 @@ struct rule_pp_ctx {
*/
static void payload_dependency_kill(struct rule_pp_ctx *ctx, struct expr *expr)
{
- if (ctx->pbase != PAYLOAD_BASE_INVALID &&
+ if (ctx->pbase != PROTO_BASE_INVALID &&
ctx->pbase == expr->payload.base - 1 &&
ctx->pdep != NULL) {
list_del(&ctx->pdep->list);
stmt_free(ctx->pdep);
+ ctx->pbase = PROTO_BASE_INVALID;
ctx->pdep = NULL;
}
}
+static void payload_dependency_store(struct rule_pp_ctx *ctx,
+ struct stmt *stmt,
+ enum proto_bases base)
+{
+ ctx->pbase = base;
+ ctx->pdep = stmt;
+}
+
static void payload_match_postprocess(struct rule_pp_ctx *ctx,
struct stmt *stmt, struct expr *expr)
{
@@ -570,7 +621,7 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx,
nexpr = relational_expr_alloc(&expr->location, expr->op,
left, tmp);
- payload_ctx_update(&ctx->pctx, nexpr);
+ left->ops->pctx_update(&ctx->pctx, nexpr);
nstmt = expr_stmt_alloc(&stmt->location, nexpr);
list_add_tail(&nstmt->list, &stmt->list);
@@ -579,11 +630,11 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx,
* kill it later on if made redundant by a higher layer
* payload expression.
*/
- if (ctx->pbase == PAYLOAD_BASE_INVALID &&
- left->payload.flags & PAYLOAD_PROTOCOL_EXPR) {
- ctx->pbase = left->payload.base;
- ctx->pdep = nstmt;
- } else
+ if (ctx->pbase == PROTO_BASE_INVALID &&
+ left->flags & EXPR_F_PROTOCOL)
+ payload_dependency_store(ctx, nstmt,
+ left->payload.base);
+ else
payload_dependency_kill(ctx, nexpr->left);
}
list_del(&stmt->list);
@@ -593,16 +644,24 @@ static void payload_match_postprocess(struct rule_pp_ctx *ctx,
payload_expr_complete(left, &ctx->pctx);
expr_set_type(expr->right, expr->left->dtype,
expr->left->byteorder);
+ payload_dependency_kill(ctx, expr->left);
break;
}
}
-static void meta_match_postprocess(struct payload_ctx *ctx,
+static void meta_match_postprocess(struct rule_pp_ctx *ctx,
+ struct stmt *stmt,
const struct expr *expr)
{
+ struct expr *left = expr->left;
+
switch (expr->op) {
case OP_EQ:
- payload_ctx_update_meta(ctx, expr);
+ expr->left->ops->pctx_update(&ctx->pctx, expr);
+
+ if (ctx->pbase == PROTO_BASE_INVALID &&
+ left->flags & EXPR_F_PROTOCOL)
+ payload_dependency_store(ctx, stmt, left->meta.base);
break;
default:
break;
@@ -723,7 +782,7 @@ static void expr_postprocess(struct rule_pp_ctx *ctx,
switch (expr->left->ops->type) {
case EXPR_META:
- meta_match_postprocess(&ctx->pctx, expr);
+ meta_match_postprocess(ctx, stmt, expr);
break;
case EXPR_BINOP:
relational_binop_postprocess(expr);
@@ -779,13 +838,17 @@ static void rule_parse_postprocess(struct netlink_parse_ctx *ctx, struct rule *r
struct stmt *stmt, *next;
memset(&rctx, 0, sizeof(rctx));
- payload_ctx_init(&rctx.pctx, rule->handle.family);
+ proto_ctx_init(&rctx.pctx, rule->handle.family);
list_for_each_entry_safe(stmt, next, &rule->stmts, list) {
switch (stmt->ops->type) {
case STMT_EXPRESSION:
expr_postprocess(&rctx, stmt, &stmt->expr);
break;
+ case STMT_META:
+ if (stmt->meta.expr != NULL)
+ expr_postprocess(&rctx, stmt, &stmt->meta.expr);
+ break;
case STMT_NAT:
if (stmt->nat.addr != NULL)
expr_postprocess(&rctx, stmt, &stmt->nat.addr);