From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nftables 9/9] segtree: add support for get element with sets that contain ifnames
Date: Sat, 9 Apr 2022 15:58:32 +0200 [thread overview]
Message-ID: <20220409135832.17401-10-fw@strlen.de> (raw)
In-Reply-To: <20220409135832.17401-1-fw@strlen.de>
nft get element inet filter s { bla, prefixfoo }
table inet filter {
set s {
type ifname
flags interval
elements = { "prefixfoo*",
"bla" }
}
Also add test cases for this.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/segtree.c | 59 +++++++++++++++-----
tests/shell/testcases/sets/sets_with_ifnames | 21 ++++++-
2 files changed, 65 insertions(+), 15 deletions(-)
diff --git a/src/segtree.c b/src/segtree.c
index 0135a07492b0..3ccf5ee129fc 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -774,6 +774,12 @@ static struct expr *get_set_interval_find(const struct set *cache_set,
list_for_each_entry(i, &set->init->expressions, list) {
switch (i->key->etype) {
+ case EXPR_VALUE:
+ if (expr_basetype(i->key)->type != TYPE_STRING)
+ break;
+ /* string type, check if its a range (wildcard), so
+ * fall through.
+ */
case EXPR_PREFIX:
case EXPR_RANGE:
range_expr_value_low(val, i);
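Review bot: The fall-through marker in the new `case EXPR_VALUE:` arm is buried at the end of a longer explanatory comment. GCC's default `-Wimplicit-fallthrough` level only accepts a comment whose entire text is a fall-through marker, so this one would probably not silence the warning if the tree is ever built with `-Wextra`. Splitting it keeps the explanation and makes the intent machine-checkable: `/* string type: may be a wildcard stored as a range */` followed by a separate `/* fall through */` directly before `case EXPR_PREFIX:`. The comment also has a typo ("its" should be "it's"). The rest of the switch and the loop body lie outside this hunk, so whether `range_expr_value_low()` accepts an `EXPR_VALUE` key cannot be confirmed from here.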
@@ -796,6 +802,18 @@ out:
return range;
}
+static struct expr *expr_value(struct expr *expr)
+{
+ switch (expr->etype) {
+ case EXPR_MAPPING:
+ return expr->left->key;
+ case EXPR_SET_ELEM:
+ return expr->key;
+ default:
+ BUG("invalid expression type %s\n", expr_name(expr));
+ }
+}
+
static struct expr *__expr_to_set_elem(struct expr *low, struct expr *expr)
{
struct expr *elem = set_elem_expr_alloc(&low->location, expr);
@@ -812,6 +830,31 @@ static struct expr *__expr_to_set_elem(struct expr *low, struct expr *expr)
return elem;
}
+static struct expr *expr_to_set_elem(struct expr *e)
+{
+ unsigned int len = div_round_up(e->len, BITS_PER_BYTE);
+ unsigned int str_len;
+ char data[len + 1];
+ struct expr *expr;
+
+ if (expr_basetype(expr_value(e))->type != TYPE_STRING)
+ return expr_clone(e);
+
+ mpz_export_data(data, expr_value(e)->value, BYTEORDER_BIG_ENDIAN, len);
+
+ str_len = strnlen(data, len);
+ if (str_len >= len || str_len == 0)
+ return expr_clone(e);
+
+ data[str_len] = '*';
+
+ expr = constant_expr_alloc(&e->location, e->dtype,
+ BYTEORDER_HOST_ENDIAN,
+ (str_len + 1) * BITS_PER_BYTE, data);
+
+ return __expr_to_set_elem(e, expr);
+}
+
int get_set_decompose(struct set *cache_set, struct set *set)
{
struct expr *i, *next, *range;
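Review bot: `char data[len + 1];` in `expr_to_set_elem()` is a variable-length array sized from `e->len`, and it is declared before the string-type check, so every non-string element pays for it and nothing in the hunk bounds it. `len` also comes from the outer element `e`, while the bytes are exported from `expr_value(e)->value`. If those two lengths can ever differ (for an `EXPR_MAPPING`, say), the export size and the buffer size would not describe the same object. I would run the `TYPE_STRING` check first, derive the length from the key expression itself, and use a fixed-size buffer guarded by `if (len >= sizeof(data)) return expr_clone(e);`. A one-line comment above the function would also help, e.g. `/* string keys shorter than the key size are reported back as wildcard "name*" */`, because the `'*'` overwrite of the terminating NUL is not obvious. The body of `__expr_to_set_elem()` is outside this hunk, so how it treats a mapping passed as `low` cannot be checked here.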
@@ -846,7 +889,7 @@ int get_set_decompose(struct set *cache_set, struct set *set)
compound_expr_add(new_init, range);
else
compound_expr_add(new_init,
- expr_clone(left));
+ expr_to_set_elem(left));
}
left = i;
}
@@ -856,7 +899,7 @@ int get_set_decompose(struct set *cache_set, struct set *set)
if (range)
compound_expr_add(new_init, range);
else
- compound_expr_add(new_init, expr_clone(left));
+ compound_expr_add(new_init, expr_to_set_elem(left));
}
expr_free(set->init);
@@ -878,18 +921,6 @@ static bool range_is_prefix(const mpz_t range)
return ret;
}
-static struct expr *expr_value(struct expr *expr)
-{
- switch (expr->etype) {
- case EXPR_MAPPING:
- return expr->left->key;
- case EXPR_SET_ELEM:
- return expr->key;
- default:
- BUG("invalid expression type %s\n", expr_name(expr));
- }
-}
-
static int expr_value_cmp(const void *p1, const void *p2)
{
struct expr *e1 = *(void * const *)p1;
diff --git a/tests/shell/testcases/sets/sets_with_ifnames b/tests/shell/testcases/sets/sets_with_ifnames
index 0f9a6b5b0048..10e6c331bdca 100755
--- a/tests/shell/testcases/sets/sets_with_ifnames
+++ b/tests/shell/testcases/sets/sets_with_ifnames
@@ -22,11 +22,22 @@ check_elem()
setname=$1
ifname=$2
fail=$3
+ result=$4
+
+ if [ -z "$result" ]; then
+ result=$ifname
+ fi
if [ $fail -eq 1 ]; then
ip netns exec "$ns1" $NFT get element inet testifsets $setname { "$ifname" } && exit 2
else
- ip netns exec "$ns1" $NFT get element inet testifsets $setname { "$ifname" } || exit 3
+ result=$(ip netns exec "$ns1" $NFT get element inet testifsets $setname { "$ifname" } | grep "$result" )
+
+ if [ -z "$result" ] ; then
+ echo "empty result, expected $ifname"
+ ip netns exec "$ns1" $NFT get element inet testifsets $setname { "$ifname" }
+ exit 1
+ fi
fi
}
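Review bot: In `check_elem`, `grep "$result"` is an unanchored regular-expression match over the whole `nft` output, so `check_elem simple_wild ppp0 0` passes whether the element comes back as `"ppp0"` or `"ppp0*"`. It also passes if the text merely appears elsewhere in the listing, which means the test cannot catch a spurious or missing wildcard suffix. The pipeline additionally replaces the old `|| exit 3`, so a failing `nft` and a non-matching pattern are no longer distinguishable. `result` is used both as the expected pattern and as the captured output, and the failure message prints `$ifname` rather than the expected string. Keeping the command status and matching the quoted element as a fixed string would tighten this: `out=$(ip netns exec "$ns1" $NFT get element inet testifsets $setname { "$ifname" }) || exit 3` followed by `echo "$out" | grep -qF "\"$result\"" || exit 1`. The caller would then pass `'abcdef*'` instead of `'abcdef\*'`.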
@@ -61,6 +72,14 @@ done
check_elem simple foo 1
+for n in ppp0 othername;do
+ check_elem simple_wild $n 0
+done
+
+check_elem simple_wild enoent 1
+check_elem simple_wild ppp0 0
+check_elem simple_wild abcdefghijk 0 'abcdef\*'
+
set -e
ip -net "$ns1" link set lo up
ip -net "$ns2" link set lo up
--
2.35.1