From da015ff415f021294aed8668ddf212acb279cd68 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Sat, 22 Jun 2013 19:12:24 +0200
Subject: netlink: fix network address prefix eg. nft add rule filter output ip daddr 192.168.1.0/24 counter so far, this operation was only possible using sets. nft add rule filter output ip daddr \{ 192.168.1.0/24 \} counter While at it, move all binop postprocess code to a new function that contains this transformation and the existing bitmask to constant (as used by eg. ct state new,established).
Signed-off-by: Pablo Neira Ayuso
---
 src/netlink.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
(limited to 'src/netlink.c')
diff --git a/src/netlink.c b/src/netlink.c
index d835281c..2a7bdb56 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -228,6 +228,28 @@ static void netlink_gen_verdict(const struct expr *expr,
 }
 }
+static void netlink_gen_prefix(const struct expr *expr,
+ struct nft_data_linearize *data)
+{
+ uint32_t i, cidr, idx;
+ uint32_t mask;
+
+ assert(expr->ops->type == EXPR_PREFIX);
+
+ data->len = div_round_up(expr->prefix->len, BITS_PER_BYTE);
+ cidr = expr->prefix_len;
+
+ for (i = 0; i < data->len; i+= 32) {
+ if (cidr - i >= 32)
+ mask = 0;
+ else
+ mask = (1 << cidr) - 1;
+
+ idx = i / 32;
+ data->value[idx] = mask;
+ }
+}
+
 void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data)
 {
 switch (expr->ops->type) {
@@ -237,6 +259,8 @@ void netlink_gen_data(const struct expr *expr, struct nft_data_linearize *data)
 return netlink_gen_concat_data(expr, data);
 case EXPR_VERDICT:
 return netlink_gen_verdict(expr, data);
+ case EXPR_PREFIX:
+ return netlink_gen_prefix(expr, data);
 default:
 BUG("invalid data expression type %s\n", expr->ops->name);
 }
-- 
cgit v1.2.3
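Review bot: The loop in netlink_gen_prefix() advances `i` by 32 bits per iteration but bounds it with `data->len`, a byte count, so for a 16-byte IPv6 prefix only `value[0]` is ever written and the remaining words keep whatever the buffer held; the bound should be `data->len * BITS_PER_BYTE`. The mask selection is also inverted and uses the wrong shift: a word that lies entirely inside the prefix (`cidr - i >= 32`) is given 0 rather than all-ones, so a /32 (and, once the loop bound is fixed, any /33–/128) produces an all-zero mask that matches every address if the parser hands such a prefix to this function; `cidr - i` wraps as unsigned once `i` passes `cidr`; and `(1 << cidr) - 1` shifts by the absolute rather than the remaining bit count and is undefined behaviour for cidr >= 31 because the `1` is a signed int. The value is further stored in host order — `(1 << 24) - 1 == 0x00ffffff` only reads as a /24 mask in memory on little-endian hosts — so the mask should be built as leading bits and converted with htonl(), assuming the rest of the file compares addresses in network byte order (please confirm). A rewrite of the loop along these lines is below; the function's assert and declarations are unchanged.
```c
	data->len = div_round_up(expr->prefix->len, BITS_PER_BYTE);
	cidr = expr->prefix_len;

	/* i counts bits, data->len counts bytes: visit every 32-bit word */
	for (i = 0; i < data->len * BITS_PER_BYTE; i += 32) {
		if (cidr >= i + 32)
			mask = 0xffffffffU;			/* word fully inside the prefix */
		else if (cidr > i)
			mask = ~0U << (32 - (cidr - i));	/* top (cidr - i) bits set */
		else
			mask = 0;				/* word lies past the prefix */

		idx = i / 32;
		data->value[idx] = htonl(mask);	/* addresses are matched in network byte order */
	}
```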