This provides a generic way to transfer shifts from the left hand side to the right hand range side of a relational expression when performing transformations from the evaluation step.
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/evaluate.c | 14 ++++++++++++++
 src/netlink_delinearize.c | 19 ++++++++++++++++---
 2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 0fcdb73..eb191ed 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1099,6 +1099,20 @@ static int binop_transfer(struct eval_ctx *ctx, struct expr **expr)
 list_add_tail(&i->list, &next->list);
 }
 break;
+ case EXPR_SET_REF:
+ list_for_each_entry(i, &(*expr)->right->set->init->expressions, list) {
+ err = binop_can_transfer(ctx, left, i->key);
+ if (err <= 0)
+ return err;
+ }
+ list_for_each_entry_safe(i, next, &(*expr)->right->set->init->expressions,
+ list) {
+ list_del(&i->list);
+ if (binop_transfer_one(ctx, left, &i->key) < 0)
+ return -1;
+ list_add_tail(&i->list, &next->list);
+ }
+ break;
 default:
 return 0;
 }
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 8cbabc3..c5e5c69 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -1184,8 +1184,7 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
 expr_free(value);
 expr_free(binop);
 } else if (binop->op == OP_AND &&
- binop->left->ops->type == EXPR_PAYLOAD &&
- binop->right->ops->type == EXPR_VALUE) {
+ binop->left->ops->type == EXPR_PAYLOAD) {
 struct expr *payload = binop->left;
 struct expr *mask = binop->right;
 unsigned int shift;
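Review bot: The new `EXPR_SET_REF` case in `binop_transfer()` walks `(*expr)->right->set->init->expressions` and rewrites every key in place without checking which kind of set is referenced. If a set reference can point at a named set (presumably one shared by several rules, or one declared without inline elements), `init` may be NULL and the shift would be applied to the shared elements once per referencing rule; a guard such as `if ((*expr)->right->set->init == NULL) return 0;`, together with a test that the set is anonymous, would keep the transfer local to this expression. The same unguarded walk appears in the `EXPR_SET_REF` branch of the second `src/netlink_delinearize.c` hunk. Separately, when `binop_transfer_one()` fails after `list_del(&i->list)`, the element stays unlinked and earlier keys are already shifted, so a comment saying that the caller discards the whole expression on error would document that assumption. `binop_transfer()` starts and ends outside the hunk.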
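Review bot: Dropping `binop->right->ops->type == EXPR_VALUE` from the `else if` condition means `mask = binop->right` is no longer known to be a value expression. The code that consumes `mask` and computes `shift` lies outside the hunk; if it reads `mask->value`, a non-value right operand of the AND would be interpreted as one. The commit message is about the right-hand side of the relational, not the mask of the binop, so the check looks safe to keep: `binop->left->ops->type == EXPR_PAYLOAD && binop->right->ops->type == EXPR_VALUE) {`. `relational_binop_postprocess()` starts and ends outside the hunk.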
@@ -1223,10 +1222,24 @@ static void relational_binop_postprocess(struct rule_pp_ctx *ctx, struct expr *e
 * Finally, convert the expression to 1) by replacing
 * the binop with the binop payload expr.
 */
- if (value->ops->type == EXPR_VALUE) {
+ switch (value->ops->type) {
+ case EXPR_VALUE:
 assert(value->len >= expr->left->right->len);
 mpz_rshift_ui(value->value, shift);
 value->len = payload->len;
+ break;
+ case EXPR_SET_REF: {
+ struct expr *i;
+
+ list_for_each_entry(i, &value->set->init->expressions, list) {
+ assert(i->key->len >= expr->left->right->len);
+ mpz_rshift_ui(i->key->value, shift);
+ i->key->len = payload->len;
+ }
+ break;
+ }
+ default:
+ break;
 }
 payload_match_postprocess(ctx, expr, payload);
--
2.1.4
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
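Review bot: In the `EXPR_SET_REF` branch, `mpz_rshift_ui(i->key->value, shift)` is applied to every element key without checking that the key is a value expression. Nothing in the hunk establishes that all entries of `value->set->init->expressions` have `EXPR_VALUE` keys, so a first pass that tests `i->key->ops->type != EXPR_VALUE` before any key is shifted, in the same two-loop form the `src/evaluate.c` hunk uses, would avoid treating another expression type as a value and avoid a half-shifted set. The length precondition is enforced only by `assert()`, which disappears in NDEBUG builds and aborts the program otherwise. The enclosing function starts and ends outside the hunk.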