From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 7/8] payload: consider expression type during dependency removal
Date: Fri, 27 Oct 2017 01:06:10 +0200 [thread overview]
Message-ID: <20171026230611.14269-8-fw@strlen.de> (raw)
In-Reply-To: <20171026230611.14269-1-fw@strlen.de>
Permit removal of link-layer dependencies if the current
expression type allows it.
This gets rid of most of the warnings added by the previous
commit.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/netlink_delinearize.c | 2 +-
src/payload.c | 37 ++++++++++++++++++++++++++++++++++---
2 files changed, 35 insertions(+), 4 deletions(-)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 57d780b316d0..efb80fdc3da4 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1390,7 +1390,7 @@ static void ct_meta_common_postprocess(struct rule_pp_ctx *ctx,
left->flags & EXPR_F_PROTOCOL) {
payload_dependency_store(&ctx->pdctx, ctx->stmt, base);
} else if (ctx->pdctx.pbase < PROTO_BASE_TRANSPORT_HDR) {
- __payload_dependency_kill(&ctx->pdctx, &ctx->pctx, base);
+ payload_dependency_kill(&ctx->pdctx, &ctx->pctx, left);
if (left->flags & EXPR_F_PROTOCOL)
payload_dependency_store(&ctx->pdctx, ctx->stmt, base);
}
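Review bot: The kill in the `else if` branch now takes its base from `left` through `payload_dependency_kill()`, while the `payload_dependency_store()` calls around it still use the `base` argument, so the two only agree if `expr_to_base(left)` always equals `base` here. That is probably true for the callers of ct_meta_common_postprocess, but they are outside the hunk, as are the start and end of the function. A short comment such as `/* base == expr_to_base(left) for all callers */`, or an assert to that effect, would make the assumption checkable. If the two ever diverged, a different layer's dependency would be considered for removal than the one stored.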
diff --git a/src/payload.c b/src/payload.c
index 184a611704ea..69985af99c9a 100644
--- a/src/payload.c
+++ b/src/payload.c
@@ -506,6 +506,7 @@ static bool get_relop_base(const struct stmt *stmt,
*/
static bool pdep_is_redundant(struct payload_dep_ctx *pdctx,
const struct proto_ctx *pctx,
+ const struct expr *e,
enum proto_bases base)
{
const struct proto_desc *proto, *proto_upper;
@@ -541,6 +542,28 @@ static bool pdep_is_redundant(struct payload_dep_ctx *pdctx,
break;
case PROTO_BASE_LL_HDR:
/*
+ * If we have an expression, then check if it implies an l3
+ * protocol.
+ * If we don't have one, then we keep the protocol dependency.
+ */
+ if (!e)
+ return false;
+
+ if ((e->flags & EXPR_F_PROTOCOL) == 0)
+ return true;
+
+ switch (e->ops->type) {
+ case EXPR_PAYLOAD:
+ return true;
+ case EXPR_CT:
+ if (type == EXPR_CT) /* ct s/daddr */
+ return true;
+ break;
+ default:
+ break;
+ }
+
+ /*
* It would be nice to also remove
* 'meta nfproto' in cases like
* meta nfproto ipv6 icmpv6 type ..., but we can't.
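Review bot: In the new `case EXPR_CT:` arm the test `if (type == EXPR_CT)` uses a `type` that is not declared in this hunk and sits inside `switch (e->ops->type)`, so it is unclear which expression's type is compared; presumably it is the stored dependency's, and the comment should say so, e.g. `/* dependency is itself a ct expression (ct s/daddr) */`. The lead comment says the code checks whether the expression implies an l3 protocol, yet `(e->flags & EXPR_F_PROTOCOL) == 0` returns true, so any expression without the protocol flag makes the link-layer dependency redundant; the reason for that belongs in the comment. A dependency dropped here no longer appears in the listed rule, so a wrong `true` could make a saved and reloaded ruleset match more traffic than the original. pdep_is_redundant starts and ends outside the hunk.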
@@ -574,14 +597,15 @@ static bool pdep_is_redundant(struct payload_dep_ctx *pdctx,
* Kill a redundant payload expression if a higher layer payload expression
* implies its existance.
*/
-void __payload_dependency_kill(struct payload_dep_ctx *pdctx,
+static void do_payload_dependency_kill(struct payload_dep_ctx *pdctx,
const struct proto_ctx *pctx,
+ const struct expr *e,
enum proto_bases base)
{
if (pdctx->pbase != PROTO_BASE_INVALID &&
pdctx->pbase == base &&
pdctx->pdep != NULL &&
- pdep_is_redundant(pdctx, pctx, base)) {
+ pdep_is_redundant(pdctx, pctx, e, base)) {
list_del(&pdctx->pdep->list);
stmt_free(pdctx->pdep);
@@ -592,6 +616,13 @@ void __payload_dependency_kill(struct payload_dep_ctx *pdctx,
}
}
+void __payload_dependency_kill(struct payload_dep_ctx *pdctx,
+ const struct proto_ctx *pctx,
+ enum proto_bases base)
+{
+ do_payload_dependency_kill(pdctx, pctx, NULL, base);
+}
+
void payload_dependency_update(struct payload_dep_ctx *pdctx,
struct proto_ctx *ctx,
struct stmt *stmt,
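Review bot: The re-added `__payload_dependency_kill()` wrapper passes `NULL` for the expression, and `pdep_is_redundant()` now returns false for `PROTO_BASE_LL_HDR` when `e` is NULL, so callers that stay on this entry point can no longer remove a link-layer dependency. That looks intended, since keeping the dependency is the conservative direction, but nothing documents it. The comment above `do_payload_dependency_kill()` in the previous hunk should state that `e` may be NULL and what that implies, and the wrapper could carry `/* no expression available: link-layer dependencies are always kept */`. The wrapper's name also starts with a double underscore, which C reserves for the implementation, though the name predates this patch.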
@@ -619,7 +650,7 @@ void payload_dependency_kill(struct payload_dep_ctx *pdctx,
const struct proto_ctx *ctx,
const struct expr *expr)
{
- __payload_dependency_kill(pdctx, ctx, expr_to_base(expr));
+ do_payload_dependency_kill(pdctx, ctx, expr, expr_to_base(expr));
}
/**
--
2.13.6