[PATCH nftables 6/7] payload: automatically kill dependencies for exthdr and tcpopt

Manuel Messner Mon, 06 Feb 2017 18:20:44 -0800

This patch automatically removes the dependencies for exthdr and tcpopt.

 # nft add rule filter input tcp option maxseg kind 3 counter.
 # nft list table filter input


Before:

 # ip protocol 6 tcp option maxseg kind 3 counter

After:

 # tcp option maxseg kind 3 counter

Thus allowing to write tests as follows:

 # tcp option maxseg kind 3;ok

Signed-off-by: Florian Westphal <f...@strlen.de>
Signed-off-by: Manuel Messner <m...@skelett.io>
---
 include/payload.h         |  2 ++
 src/netlink_delinearize.c |  2 +-
 src/payload.c             | 14 ++++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/include/payload.h b/include/payload.h
index 5952b24..a3d2309 100644
--- a/include/payload.h
+++ b/include/payload.h
@@ -42,6 +42,8 @@ extern void __payload_dependency_kill(struct payload_dep_ctx 
*ctx,
                                      enum proto_bases base);
 extern void payload_dependency_kill(struct payload_dep_ctx *ctx,
                                    struct expr *expr);
+extern void exthdr_dependency_kill(struct payload_dep_ctx *ctx,
+                                  struct expr *expr);
 
 extern bool payload_can_merge(const struct expr *e1, const struct expr *e2);
 extern struct expr *payload_expr_join(const struct expr *e1,
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 87010f1..e23c48b 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1841,7 +1841,7 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, 
struct expr **exprp)
                expr_postprocess(ctx, &expr->key);
                break;
        case EXPR_EXTHDR:
-               __payload_dependency_kill(&ctx->pdctx, PROTO_BASE_NETWORK_HDR);
+               exthdr_dependency_kill(&ctx->pdctx, expr);
                break;
        case EXPR_SET_REF:
        case EXPR_META:
diff --git a/src/payload.c b/src/payload.c
index 0207296..169954b 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -410,6 +410,20 @@ void payload_dependency_kill(struct payload_dep_ctx *ctx, 
struct expr *expr)
        __payload_dependency_kill(ctx, expr->payload.base);
 }
 
+void exthdr_dependency_kill(struct payload_dep_ctx *ctx, struct expr *expr)
+{
+       switch (expr->exthdr.op) {
+       case NFT_EXTHDR_OP_TCPOPT:
+               __payload_dependency_kill(ctx, PROTO_BASE_TRANSPORT_HDR);
+               break;
+       case NFT_EXTHDR_OP_IPV6:
+               __payload_dependency_kill(ctx, PROTO_BASE_NETWORK_HDR);
+               break;
+       default:
+               break;
+       }
+}
+
 /**
  * payload_expr_complete - fill in type information of a raw payload expr
  *
-- 
2.11.1

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nftables 6/7] payload: automatically kill dependencies for exthdr and tcpopt

Reply via email to