From: Pablo Neira Ayuso <pablo@netfilter.org>
To: netfilter-devel@vger.kernel.org
Cc: kaber@trash.net, fw@strlen.de
Subject: [PATCH nft 10/11] src: annotate follow up dependency just after killing another
Date: Thu, 28 Jan 2016 22:24:59 +0100 [thread overview]
Message-ID: <1454016300-29969-11-git-send-email-pablo@netfilter.org> (raw)
In-Reply-To: <1454016300-29969-1-git-send-email-pablo@netfilter.org>
The inet and netdev families generate two implicit dependencies to check
for the interface type, so we have to check just after killing an implicit
dependency if there is another that we should annotate to kill it as well.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/netlink_delinearize.c | 45 +++++++++++++++++++++++++++------------------
1 file changed, 27 insertions(+), 18 deletions(-)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index cb9c3ab..bbe1876 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1031,6 +1031,30 @@ static void integer_type_postprocess(struct expr *expr)
}
}
+static void payload_dependency_save(struct rule_pp_ctx *ctx, unsigned int base,
+ struct stmt *nstmt, struct expr *tmp)
+{
+ unsigned int proto = mpz_get_be16(tmp->value);
+ const struct proto_desc *desc, *next;
+ bool stacked_header = false;
+
+ desc = ctx->pctx.protocol[base].desc;
+
+ assert(desc);
+ if (desc) {
+ next = proto_find_upper(desc, proto);
+ stacked_header = next && next->base == base;
+ }
+
+ if (stacked_header) {
+ ctx->pctx.protocol[base].desc = next;
+ ctx->pctx.protocol[base].offset += desc->length;
+ payload_dependency_store(ctx, nstmt, base - 1);
+ } else {
+ payload_dependency_store(ctx, nstmt, base);
+ }
+}
+
static void payload_match_expand(struct rule_pp_ctx *ctx,
struct expr *expr,
struct expr *payload)
@@ -1068,26 +1092,11 @@ static void payload_match_expand(struct rule_pp_ctx *ctx,
*/
if (ctx->pbase == PROTO_BASE_INVALID &&
left->flags & EXPR_F_PROTOCOL) {
- unsigned int proto = mpz_get_be16(tmp->value);
- const struct proto_desc *desc, *next;
- bool stacked_header = false;
-
- desc = ctx->pctx.protocol[base].desc;
- assert(desc);
- if (desc) {
- next = proto_find_upper(desc, proto);
- stacked_header = next && next->base == base;
- }
-
- if (stacked_header) {
- ctx->pctx.protocol[base].desc = next;
- ctx->pctx.protocol[base].offset += desc->length;
- payload_dependency_store(ctx, nstmt, base - 1);
- } else {
- payload_dependency_store(ctx, nstmt, base);
- }
+ payload_dependency_save(ctx, base, nstmt, tmp);
} else {
payload_dependency_kill(ctx, nexpr->left);
+ if (left->flags & EXPR_F_PROTOCOL)
+ payload_dependency_save(ctx, base, nstmt, tmp);
}
}
list_del(&ctx->stmt->list);
--
2.1.4
next prev parent reply other threads:[~2016-01-28 21:25 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-01-28 21:24 [PATCH nft 00/11] revisiting protocol conflict resolution Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 01/11] evaluate: resolve_protocol_conflict() should return int Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 02/11] evaluate: move inet/netdev protocol context supersede logic to supersede_dep() Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 03/11] evaluate: check if we have to resolve a conflict in first place Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 04/11] evaluate: don't adjust offset from resolve_protocol_conflict() Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 05/11] evaluate: only try to replace dummy protocol from link-layer context Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 06/11] evaluate: assert on invalid base in resolve_protocol_conflict() Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 07/11] evaluate: wrap protocol context debunk into function Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 08/11] evaluate: generate ether type payload after meta iiftype Pablo Neira Ayuso
2016-01-28 21:24 ` [PATCH nft 09/11] proto: proto_dev_type() returns interface type for base protocols too Pablo Neira Ayuso
2016-01-28 21:24 ` Pablo Neira Ayuso [this message]
2016-01-28 21:25 ` [PATCH nft 11/11] tests/py: test vlan on ingress Pablo Neira Ayuso
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1454016300-29969-11-git-send-email-pablo@netfilter.org \
--to=pablo@netfilter.org \
--cc=fw@strlen.de \
--cc=kaber@trash.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).