[PATCH nft 6/7] evaluate: transfer right shifts to set reference side

[Pablo Neira Ayuso <pablo@netfilter.org>]

This provides a generic way to transfer shifts from the left hand side
to the right hand range side of a relational expression when performing
transformations from the evaluation step.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c            | 14 ++++++++++++++
 src/netlink_delinearize.c | 19 ++++++++++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index 0fcdb73..eb191ed 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1099,6 +1099,20 @@ static int binop_transfer(struct eval_ctx *ctx, struct expr **expr)
 			list_add_tail(&i->list, &next->list);
 		}
 		break;
+	case EXPR_SET_REF:
+		list_for_each_entry(i, &(*expr)->right->set->init->expressions, list) {
+			err = binop_can_transfer(ctx, left, i->key);
+			if (err <= 0)
+				return err;
+		}
+		list_for_each_entry_safe(i, next, &(*expr)->right->set->init->expressions,
+					 list) {
+			list_del(&i->list);
+			if (binop_transfer_one(ctx, left, &i->key) < 0)
+				return -1;
+			list_add_tail(&i->list, &next->list);
+		}
+		break;
 	default:
 		return 0;
 	}
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 8cbabc3..c5e5c69 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1184,8 +1184,7 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
 		expr_free(value);
 		expr_free(binop);
 	} else if (binop->op == OP_AND &&
-		   binop->left->ops->type == EXPR_PAYLOAD &&
-		   binop->right->ops->type == EXPR_VALUE) {
+		   binop->left->ops->type == EXPR_PAYLOAD) {
 		struct expr *payload = binop->left;
 		struct expr *mask = binop->right;
 		unsigned int shift;
@@ -1223,10 +1222,24 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
 			 * Finally, convert the expression to 1) by replacing
 			 * the binop with the binop payload expr.
 			 */
-			if (value->ops->type == EXPR_VALUE) {
+			switch (value->ops->type) {
+			case EXPR_VALUE:
 				assert(value->len >= expr->left->right->len);
 				mpz_rshift_ui(value->value, shift);
 				value->len = payload->len;
+				break;
+			case EXPR_SET_REF: {
+				struct expr *i;
+
+				list_for_each_entry(i, &value->set->init->expressions, list) {
+					assert(i->key->len >= expr->left->right->len);
+					mpz_rshift_ui(i->key->value, shift);
+					i->key->len = payload->len;
+				}
+				break;
+				}
+			default:
+				break;
 			}
 
 			payload_match_postprocess(ctx, expr, payload);
-- 
2.1.4