From: Jeremy Sowden <jeremy@azazel.net>
To: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [PATCH nft] evaluate: don't eval unary arguments.
Date: Sun, 19 Jan 2020 18:12:03 +0000 [thread overview]
Message-ID: <20200119181203.60884-1-jeremy@azazel.net> (raw)
When a unary expression is inserted to implement a byte-order
conversion, the expression being converted has already been evaluated
and so expr_evaluate_unary doesn't need to do so. For most types of
expression, the double evaluation doesn't matter since evaluation is
idempotent. However, in the case of payload expressions which are
munged during evaluation, it can cause unexpected errors:
# nft add table ip t
# nft add chain ip t c '{ type filter hook input priority filter; }'
# nft add rule ip t c ip dscp set 'ip dscp | 0x10'
Error: Value 252 exceeds valid range 0-63
add rule ip t c ip dscp set ip dscp | 0x10
^^^^^^^
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
src/evaluate.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index e7881543d2de..9d5fdaf0ef3e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -997,13 +997,9 @@ static int expr_evaluate_range(struct eval_ctx *ctx, struct expr **expr)
*/
static int expr_evaluate_unary(struct eval_ctx *ctx, struct expr **expr)
{
- struct expr *unary = *expr, *arg;
+ struct expr *unary = *expr, *arg = unary->arg;
enum byteorder byteorder;
- if (expr_evaluate(ctx, &unary->arg) < 0)
- return -1;
- arg = unary->arg;
-
assert(!expr_is_constant(arg));
assert(expr_basetype(arg)->type == TYPE_INTEGER);
assert(arg->etype != EXPR_UNARY);
--
2.24.1
next reply other threads:[~2020-01-19 18:12 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-01-19 18:12 Jeremy Sowden [this message]
2020-01-27 9:33 ` [PATCH nft] evaluate: don't eval unary arguments Pablo Neira Ayuso
2020-01-27 11:13 ` Jeremy Sowden
2020-01-28 18:49 ` Pablo Neira Ayuso
2020-02-04 11:02 ` Jeremy Sowden
2020-02-23 22:14 ` Jeremy Sowden
2020-02-23 22:23 ` Pablo Neira Ayuso
2020-02-23 22:34 ` Florian Westphal
2020-02-23 22:38 ` Pablo Neira Ayuso
2020-02-23 23:12 ` Florian Westphal
2020-02-24 12:36 ` Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200119181203.60884-1-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).