On Thu, May 31, 2018 at 04:48:58PM +0200, Pablo Neira Ayuso wrote:
> On Thu, May 31, 2018 at 01:42:17PM +0200, Máté Eckl wrote:
> > On Thu, May 31, 2018 at 10:57:49AM +0200, Pablo Neira Ayuso wrote:
> > > > I just wanted to make sure that the only accepted values are 0 and 1 and I
> > > > didn't find other way to provide this check.
> > >
> > > You can reject this from the evaluation phase.
> >
> > Oh, earlier I didn't find how to do it, but now I think I did.
> >
> > Would you accept a new version of the patch with this?
>
> That looks good.
>
> Please test if this will work with maps too, e.g.
>
> socket transparent ip saddr map { 1.1.1.1 : 1,
>                                   2.2.2.2 : 0 }
>

It does not, but neither does it with the former version :).

# nft add rule inet sockin sockchain socket transparent ip saddr map { 1.1.1.1 : 1 , 2.2.2.2 : 0 }
Error: syntax error, unexpected saddr, expecting end of file or newline or semicolon
add rule inet sockin sockchain socket transparent ip saddr map { 1.1.1.1 : 1 , 2.2.2.2 : 0 }
                                                     ^^^^^

I'm not sure what can be the problem.

> > diff --git a/src/evaluate.c b/src/evaluate.c
> > index 56fea26..70d6b23 100644
> > --- a/src/evaluate.c
> > +++ b/src/evaluate.c
> > @@ -1712,9 +1712,11 @@ static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp)
> >  	return expr_evaluate_primary(ctx, exprp);
> >  }
> >
> > -static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **exprp)
> > +static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
> >  {
> > -	return expr_evaluate_primary(ctx, exprp);
> > +	__expr_set_context(&ctx->ectx, (*expr)->dtype, (*expr)->byteorder,
> > +			   (*expr)->len, 1);
> > +	return 0;
> >  }
> >
> >  static int expr_evaluate_variable(struct eval_ctx *ctx, struct expr **exprp)
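
Review bot: The literal 1 passed as the last argument to __expr_set_context() in the new body of expr_evaluate_socket() is unexplained, and the function applies it unconditionally to every expression it evaluates. If it is meant to be the upper bound that restricts socket transparent to 0 and 1, as the thread describes, say so in a comment or use a named constant, and consider whether the bound should depend on the socket key. The rename from exprp to expr in the signature is unrelated to the check and diverges from expr_evaluate_meta() and expr_evaluate_variable() in the context lines; keeping exprp would make the diff smaller. The map form tested above fails with a syntax error before evaluation is reached, so this hunk neither fixes nor exercises that case, and a test for an out-of-range value such as 2 would show that the rejection actually triggers.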