From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Anatole Denis <anatole@rezel.net>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft 1/7] Interpret OP_NEQ against a set as OP_LOOKUP
Date: Mon, 28 Nov 2016 12:39:05 +0100 [thread overview]
Message-ID: <20161128113905.GC1691@salvia> (raw)
In-Reply-To: <92cdd42afb329e58b41c0c33f2a68786afd8d7e5.1479994191.git.anatole@rezel.net>
On Thu, Nov 24, 2016 at 03:16:20PM +0100, Anatole Denis wrote:
> Now that the support for inverted matching is in the kernel and in libnftnl, add
> it to nftables too.
>
> This fixes bug #888
>
> Signed-off-by: Anatole Denis <anatole@rezel.net>
> ---
> This patch is heavily based off those of Yuxuan Shui from 2014
> (https://marc.info/?l=netfilter-devel&m=140682484411296)
>
> src/evaluate.c | 14 ++++++++++++++
> src/netlink_delinearize.c | 10 ++++++++++
> src/netlink_linearize.c | 14 +++++++++-----
> 3 files changed, 33 insertions(+), 5 deletions(-)
>
> diff --git a/src/evaluate.c b/src/evaluate.c
> index 8b113c8..bb46615 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -1541,6 +1541,20 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
> if (byteorder_conversion(ctx, &rel->right, left->byteorder) < 0)
> return -1;
> break;
> + case EXPR_SET:
> + assert(rel->op == OP_NEQ);
> + right = rel->right =
> + implicit_set_declaration(ctx, "__set%d",
> + left->dtype, left->len,
> + right);
> + /* fall through */
> + case EXPR_SET_REF:
> + assert(rel->op == OP_NEQ);
Thanks for working on this.
I think we're almost there, we need a bit more code here to catch
these two error cases:
"the referenced set does not exist"
and
"datatype mismatch, expected %s, set has type %s"
See line 1481 in src/evaluate.c for the OP_LOOKUP case.
If I'm on the right track, please also test that these errors cases
work as intended.
next prev parent reply other threads:[~2016-11-28 11:39 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-11-24 14:16 [PATCH nft 1/7] Interpret OP_NEQ against a set as OP_LOOKUP Anatole Denis
2016-11-24 14:16 ` [PATCH nft 2/7] tests/py/{arp,any}: Unmask negative set lookup Anatole Denis
2016-11-29 21:18 ` Pablo Neira Ayuso
2016-11-24 14:16 ` [PATCH nft 3/7] tests/py/ip: Unmark negative set lookup tests Anatole Denis
2016-11-24 14:16 ` [PATCH nft 4/7] tests/py/ip6: Unmark inverted set lookup testcases Anatole Denis
2016-11-24 14:16 ` [PATCH nft 5/7] tests/py{ah,esp,comp}: Unmark inverted set lookup Anatole Denis
2016-11-24 14:16 ` [PATCH nft 6/7] tests/py/{dccp,sctp,tcp}: Unmark inverted lookup Anatole Denis
2016-11-24 14:16 ` [PATCH nft 7/7] tests/py/{udp,udplite}: Unmark inverted set lookup Anatole Denis
2016-11-28 11:39 ` Pablo Neira Ayuso [this message]
2016-11-28 16:49 ` Re : [PATCH nft 1/7] Interpret OP_NEQ against a set as OP_LOOKUP Anatole Denis
2016-11-29 21:40 ` Pablo Neira Ayuso
2016-11-29 21:17 ` Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20161128113905.GC1691@salvia \
--to=pablo@netfilter.org \
--cc=anatole@rezel.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.