Re: [PATCH nft v2] src: evaluate: support prefix expression in statements

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Jul 22, 2019 at 11:37:40AM +0200, Florian Westphal wrote:
> Currently nft dumps core when it encounters a prefix expression as
> part of a statement, e.g.
> iifname ens3 snat to 10.0.0.0/28
> 
> yields:
> BUG: unknown expression type prefix
> nft: netlink_linearize.c:688: netlink_gen_expr: Assertion `0' failed.
> 
> This assertion is correct -- we can't linearize a prefix because
> kernel doesn't know what that is.
> 
> For LHS prefixes, they get converted to a binary 'and' such as
> '10.0.0.0 & 255.255.255.240'.  For RHS, we can do something similar
> and convert them into a range.
> 
> snat to 10.0.0.0/28 will be converted into:
> iifname "ens3" snat to 10.0.0.0-10.0.0.15
> 
> Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1187
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>

Acked-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>

Please, double check before pushing this out that valgrind is happy
with this (no memleaks).

Thanks.



[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux