On 31 May 2016 at 16:44, Florian Westphal <fw@xxxxxxxxx> wrote:
> Arturo Borrero Gonzalez <arturo.borrero.glez@xxxxxxxxx> wrote:
>> - if (set->ops->lookup(set, &regs->data[priv->sreg], &ext)) {
>> + if (set->ops->lookup(set, &regs->data[priv->sreg], &ext) ^
>> + priv->invert) {
>> if (set->flags & NFT_SET_MAP)
>> nft_data_copy(&regs->data[priv->dreg],
>> nft_set_ext_data(ext), set->dlen);
>
> What's the plan for SET_MAP here?
> You enter 'lookup found a result' branch here in case we did not find
> anything and invert is set.
>
> I think it's better to use a
>
> } else if (priv->invert) {
> return;
> }
>
> here.
>

Totally right, thanks.

>> @@ -47,6 +49,7 @@ static const struct nla_policy nft_lookup_policy[NFTA_LOOKUP_MAX + 1] = {
>> [NFTA_LOOKUP_SET_ID] = { .type = NLA_U32 },
>> [NFTA_LOOKUP_SREG] = { .type = NLA_U32 },
>> [NFTA_LOOKUP_DREG] = { .type = NLA_U32 },
>> + [NFTA_LOOKUP_FLAGS] = { .type = NLA_U32 },
>> };
>>
>> static int nft_lookup_init(const struct nft_ctx *ctx,
>> @@ -55,6 +58,7 @@ static int nft_lookup_init(const struct nft_ctx *ctx,
>> {
>> struct nft_lookup *priv = nft_expr_priv(expr);
>> struct nft_set *set;
>> + u32 flags;
>> int err;
>>
>> if (tb[NFTA_LOOKUP_SET] == NULL ||
>> @@ -91,6 +95,12 @@ static int nft_lookup_init(const struct nft_ctx *ctx,
>> } else if (set->flags & NFT_SET_MAP)
>> return -EINVAL;
>>
>> + if (tb[NFTA_LOOKUP_FLAGS]) {
>> + flags = ntohl(nla_get_be32(tb[NFTA_LOOKUP_FLAGS]));
>> + if (flags & NFT_LOOKUP_F_INV)
>> + priv->invert = true;
>> + }
>> +
>
> I think we should EINVAL if NFT_LOOKUP_F_INV is given with dreg/map.

ok

--
Arturo Borrero González
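
Review bot: In the first hunk, the condition `set->ops->lookup(...) ^ priv->invert` is also true when the lookup missed and invert is set, so for a set with NFT_SET_MAP the branch calls nft_set_ext_data(ext) on an ext that no successful lookup filled in and copies set->dlen bytes from it into regs->data[priv->dreg]. Keep the nft_data_copy() under the plain lookup result and handle the inverted miss in its own branch, so that ext is only dereferenced after a real match.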
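
Review bot: In the last hunk, the NFTA_LOOKUP_FLAGS parsing tests only NFT_LOOKUP_F_INV and silently drops every other bit, so userspace cannot tell whether a flag it sent was understood. Reject unknown bits before acting on the known one, for example `if (flags & ~NFT_LOOKUP_F_INV) return -EINVAL;`. The same block also sets priv->invert without looking at set->flags, so an inverted lookup on a map set passes init; returning -EINVAL for NFT_LOOKUP_F_INV together with NFT_SET_MAP here would keep that combination from ever reaching the eval path.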