From: Phil Sutter <phil@nwl.cc>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: netfilter-devel@vger.kernel.org,
Arturo Borrero Gonzalez <arturo@netfilter.org>
Subject: [nft PATCH 4/4] monitor: Ignore ranges' zero segment
Date: Wed, 12 Jul 2017 14:36:58 +0200 [thread overview]
Message-ID: <20170712123658.25363-5-phil@nwl.cc> (raw)
In-Reply-To: <20170712123658.25363-1-phil@nwl.cc>
The internal representation of ranges in a set consists of segments
which either match or not. Each segment is identified by the lower
boundary and simply spans till the next segment. Upon insertion,
adjacent (matching) segments are joined into a single one, but only if
both are new. This means that the inverse operation, namely converting
segments back into ranges, may use the non-matching segments' lower
boundary as range end marker. But there is one catch: If the first range
doesn't start at zero, the first segment is a non-matching one. Code
indicates that by EXPR_F_INTERVAL_END flag. So when monitor sees a lower
boundary of zero with that flag set, it has to ignore it.
Signed-off-by: Phil Sutter <phil@nwl.cc>
---
src/netlink.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/src/netlink.c b/src/netlink.c
index 65c6f05a57649..8f9864129ea94 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -2214,6 +2214,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
struct set *set;
const char *setname, *table;
uint32_t family;
+ struct expr *expr;
nls = netlink_setelem_alloc(nlh);
table = nftnl_set_get_str(nls, NFTNL_SET_TABLE);
@@ -2267,6 +2268,13 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type,
free(setelem_cache.table);
free(setelem_cache.setname);
} else {
+ expr = compound_expr_last(dummyset->init);
+
+ if (!mpz_cmp_ui(expr->key->value, 0) &&
+ expr->flags & EXPR_F_INTERVAL_END) {
+ set_free(dummyset);
+ goto out;
+ }
setelem_cache.type = type;
setelem_cache.family = family;
setelem_cache.table = xstrdup(table);
--
2.13.1
next prev parent reply other threads:[~2017-07-12 12:37 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-07-12 12:36 [nft PATCH 0/4] monitor: Fix printing of range elements in named sets Phil Sutter
2017-07-12 12:36 ` [nft PATCH 1/4] " Phil Sutter
2017-07-12 16:30 ` Arturo Borrero Gonzalez
2017-07-12 19:05 ` Phil Sutter
2017-07-13 18:22 ` Phil Sutter
2017-07-14 9:03 ` Arturo Borrero Gonzalez
2017-07-17 16:12 ` Pablo Neira Ayuso
2017-07-17 17:02 ` Phil Sutter
2017-07-12 12:36 ` [nft PATCH 2/4] list: Introduce list_last_entry Phil Sutter
2017-07-12 15:41 ` Arturo Borrero Gonzalez
2017-07-12 19:15 ` Phil Sutter
2017-07-12 12:36 ` [nft PATCH 3/4] expression: Introduce compound_expr_last Phil Sutter
2017-07-12 15:42 ` Arturo Borrero Gonzalez
2017-07-12 12:36 ` Phil Sutter [this message]
2017-07-12 15:49 ` [nft PATCH 4/4] monitor: Ignore ranges' zero segment Arturo Borrero Gonzalez
2017-07-12 19:11 ` Phil Sutter
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170712123658.25363-5-phil@nwl.cc \
--to=phil@nwl.cc \
--cc=arturo@netfilter.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).