On Tue, Aug 27, 2019 at 12:38:52PM +0200, Pablo Neira Ayuso wrote:
> On Wed, Aug 21, 2019 at 11:25:59AM +0200, Phil Sutter wrote:
> > Allow for closer inspection by storing payload expression's base and
> > length values. Also facilitate for two consecutive payload expressions
> > as LHS of a (cmp/lookup) statement as used with concatenations.
> >
> > Signed-off-by: Phil Sutter <p...@nwl.cc>
> > ---
> > iptables/nft-shared.c | 8 ++++++++
> > iptables/nft-shared.h | 4 +++-
> > 2 files changed, 11 insertions(+), 1 deletion(-)
> >
> > diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
> > index d5984d0577ed1..0f8cabf9abcc7 100644
> > --- a/iptables/nft-shared.c
> > +++ b/iptables/nft-shared.c
> > @@ -445,8 +445,16 @@ static void nft_parse_meta(struct nft_xt_ctx *ctx,
> > struct nftnl_expr *e)
> >
> > static void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
> > {
> > + if (ctx->flags & NFT_XT_CTX_PAYLOAD) {
> > + memcpy(&ctx->prev_payload, &ctx->payload,
> > + sizeof(ctx->prev_payload));
> > + ctx->flags |= NFT_XT_CTX_PREV_PAYLOAD;
> > + }
> >
> > ctx->reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG);
> > + ctx->payload.base = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_BASE);
> > ctx->payload.offset = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET);
> > + ctx->payload.len = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_LEN);
> > ctx->flags |= NFT_XT_CTX_PAYLOAD;
> > }
> >
> > diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
> > index ff3beef1af0de..cb7eea6208cd2 100644
> > --- a/iptables/nft-shared.h
> > +++ b/iptables/nft-shared.h
> > @@ -43,6 +43,7 @@ enum {
> > NFT_XT_CTX_META = (1 << 1),
> > NFT_XT_CTX_BITWISE = (1 << 2),
> > NFT_XT_CTX_IMMEDIATE = (1 << 3),
> > + NFT_XT_CTX_PREV_PAYLOAD = (1 << 4),
>
> Why does ebt among needs this?
We can move this discussion to patch 14/14, where I'm suggesting you
store context for this.
