From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 2/3] netlink: allow typeof keywords with objref maps during listing
Date: Thu, 29 Feb 2024 11:41:24 +0100 [thread overview]
Message-ID: <20240229104347.5156-3-fw@strlen.de> (raw)
In-Reply-To: <20240229104347.5156-1-fw@strlen.de>
Without this,
typeof meta l4proto . ip saddr . tcp sport : limit
... is shown as
type inet_proto . ipv4_addr . inet_service : limit
The "data" element is a value (the object type number).
It doesn't support userinfo data.
There is no reason to add it, the value is the object type
number that the object-reference map stores.
So, if we have an objref map, DO NOT discard the key part,
as we do for normal maps.
For normal maps, we support either typeof notation, i.e.:
typeof meta l4proto . ip saddr . tcp sport : ip saddr
or the data type version:
type inet_proto . ipv4_addr . inet_service : ipv4_addr
... but not a mix, a hyptothetical
typeof meta l4proto . ip saddr . tcp sport : ipv4_addr
... does not work.
If nft finds no udata attached to the data element, for normal
map case, it has to fall back to the "type" form.
But for objref maps this is expected, udata for key but not for data.
Hence, for objref case, keep the typeof part if its valid.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/netlink.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/src/netlink.c b/src/netlink.c
index 3d685b575e64..0088b742d573 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1044,6 +1044,8 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
}
list_splice_tail(&set_parse_ctx.stmt_list, &set->stmt_list);
+ set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS);
+
if (datatype) {
uint32_t dlen;
@@ -1056,6 +1058,11 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
typeof_expr_data->len = klen;
set->data = typeof_expr_data;
typeof_expr_data = NULL;
+ } else if (set->flags & NFT_SET_OBJECT) {
+ set->data = constant_expr_alloc(&netlink_location,
+ dtype2,
+ databyteorder, klen,
+ NULL);
} else {
set->data = constant_expr_alloc(&netlink_location,
dtype2,
@@ -1084,7 +1091,6 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
NULL);
}
- set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS);
set->handle.handle.id = nftnl_set_get_u64(nls, NFTNL_SET_HANDLE);
set->objtype = objtype;
--
2.43.0
next prev parent reply other threads:[~2024-02-29 10:45 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-29 10:41 [PATCH nft 0/3] nftables: add typeof support for objref maps Florian Westphal
2024-02-29 10:41 ` [PATCH nft 1/3] parser: allow typeof in " Florian Westphal
2024-02-29 10:41 ` Florian Westphal [this message]
2024-02-29 10:41 ` [PATCH nft 3/3] tests: maps: add a test case for "limit" objref map Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240229104347.5156-3-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).