On Thu, May 31, 2018 at 01:42:17PM +0200, Máté Eckl wrote:
> On Thu, May 31, 2018 at 10:57:49AM +0200, Pablo Neira Ayuso wrote:
> > > I just wanted to make sure that the only accepted values are 0 and 1 and I
> > > didn't find other way to provide this check.
> >
> > You can reject this from the evaluation phase.
>
> Oh, earlier I didn't find how to do it, but now I think I did.
>
> Would you accept a new version of the patch with this?
That looks good.
Please tests if this will that work with maps too? eg.
socket transparent ip saddr map { 1.1.1.1 : 1,
2.2.2.2 : 0 }
> diff --git a/src/evaluate.c b/src/evaluate.c
> index 56fea26..70d6b23 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -1712,9 +1712,11 @@ static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp)
> return expr_evaluate_primary(ctx, exprp);
> }
>
> -static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **exprp)
> +static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
> {
> - return expr_evaluate_primary(ctx, exprp);
> + __expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
> + (*expr)->len, 1);
> + return 0;
> }
>
> static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp)
>
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
