[PATCH nft 05/11] evaluate: only try to replace dummy protocol from link-layer context

Add proto_is_dummy() that returns true for netdev and inet family, the
only two using a dummy link-layer protocol base definition.

Rename supersede_dep() to meta_iiftype_gen_dependency() since this is
generating the implicit meta iiftype check for netdev and inet.

This patch also gets rid of the have->length check. The tests pass fine
without this so I suspect this is superfluous.

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/evaluate.c | 25 ++++++++++++++-----------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index 5ef035b..eb442d5 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -359,19 +359,14 @@ conflict_resolution_gen_dependency(struct eval_ctx *ctx, int protocol,
  * ip saddr adds meta dependency on ipv4 packets
  * ether saddr adds another dependeny on ethernet frames.
  */
-static int supersede_dep(struct eval_ctx *ctx, const struct proto_desc *have,
-			 struct expr *payload)
+static int meta_iiftype_gen_dependency(struct eval_ctx *ctx,
+				       const struct proto_desc *have,
+				       struct expr *payload)
 {
 	enum proto_bases base = payload->payload.base;
 	struct stmt *nstmt;
 	uint16_t type;
 
-	if (payload->payload.base != PROTO_BASE_LL_HDR || have->length)
-		return 1;
-
-	if (have != &proto_inet && have != &proto_netdev)
-		return 1;
-
 	if (proto_dev_type(payload->payload.desc, &type) < 0)
 		return expr_error(ctx->msgs, payload,
 				  "protocol specification is invalid "
@@ -387,6 +382,11 @@ static int supersede_dep(struct eval_ctx *ctx, const struct proto_desc *have,
 	return 0;
 }
 
+static bool proto_is_dummy(const struct proto_desc *desc)
+{
+	return desc == &proto_inet || desc == &proto_netdev;
+}
+
 static int resolve_protocol_conflict(struct eval_ctx *ctx,
 				     const struct proto_desc *desc,
 				     struct expr *payload)
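
Review bot: proto_is_dummy() has no comment, and "dummy" on its own does not say what is dummy about these two descriptors. The commit message has the explanation (netdev and inet are the only two families using a dummy link-layer protocol base definition); a one-line comment above the helper saying that would keep it with the code.
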
@@ -395,9 +395,12 @@ static int resolve_protocol_conflict(struct eval_ctx *ctx,
 	struct stmt *nstmt = NULL;
 	int link, err;
 
-	err = supersede_dep(ctx, desc, payload);
-	if (err <= 0)
-		return err;
+	if (payload->payload.base == PROTO_BASE_LL_HDR &&
+	    proto_is_dummy(desc)) {
+		err = meta_iiftype_gen_dependency(ctx, desc, payload);
+		if (err <= 0)
+			return err;
+	}
 
 	if (base < PROTO_BASE_MAX) {
 		const struct proto_desc *next = ctx->pctx.protocol[base + 1].desc;
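
Review bot: in the new block at the top of resolve_protocol_conflict(), the "err <= 0" test looks like a leftover from supersede_dep(), whose removed guards were the paths that returned 1. The returns still visible in meta_iiftype_gen_dependency() are the expr_error() path and "return 0"; if no remaining path returns a positive value, the block can simply be "return meta_iiftype_gen_dependency(ctx, desc, payload);". Also, err is declared without an initialiser ("int link, err;") and is now assigned only inside this block, so check that nothing further down reads it before assigning it.
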
-- 
2.1.4
