This change allows map expressions on the left side of comparisons:
nft add rule foo bar ip saddr map @map_a == 22 counter
It also allows map expressions as the left side expression of other
map expressions:
nft add rule foo bar ip saddr map @map_a map @map_b == 22 counter
To accomplish this, some additional context needs to be set during
evaluation and delinearization. A tweak is also make to the parser
logic to allow map expressions as the left hand expression to other
map expressions.
By allowing maps as left side comparison expressions one can map
information in the packet to some arbitrary piece of data and use
the equality (or inequality) to make some decision about the traffic,
unlike today where the result of a map lookup is only usable as the
right side of a statement (like dnat or snat) that actually uses the
value as input.
Signed-off-by: Brett Mastbergen <bmastbergen@xxxxxxxxxxxx>
---
src/evaluate.c | 2 +-
src/expression.c | 12 +++++++++++-
src/netlink_delinearize.c | 2 ++
src/parser_bison.y | 10 +++++++---
4 files changed, 21 insertions(+), 5 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 48c65cd2..59538f27 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1385,6 +1385,7 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
!set_is_datamap(map->mappings->set->flags))
return expr_error(ctx->msgs, map->mappings,
"Expression is not a map");
+ expr_set_context(&ctx->ectx, map->mappings->set->datatype, map->mappings->set->datalen);
break;
default:
BUG("invalid mapping expression %s\n",
@@ -1399,7 +1400,6 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
map->map->dtype->desc);
datatype_set(map, map->mappings->set->datatype);
- map->flags |= EXPR_F_CONSTANT;
/* Data for range lookups needs to be in big endian order */
if (map->mappings->set->flags & NFT_SET_INTERVAL &&
diff --git a/src/expression.c b/src/expression.c
index cb49e0b7..e5979394 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -1067,8 +1067,18 @@ static const struct expr_ops set_ref_expr_ops = {
struct expr *set_ref_expr_alloc(const struct location *loc, struct set *set)
{
struct expr *expr;
+ const struct datatype *dtype;
+ unsigned int len;
- expr = expr_alloc(loc, EXPR_SET_REF, set->key->dtype, 0, 0);
+ if (set->flags & NFT_SET_MAP) {
+ dtype = set->datatype;
+ len = set->datalen;
+ } else {
+ dtype = set->key->dtype;
+ len = set->key->len;
+ }
+
+ expr = expr_alloc(loc, EXPR_SET_REF, dtype, 0, len);
expr->set = set_get(set);
expr->flags |= EXPR_F_CONSTANT;
return expr;
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index fc2574b1..b70433f0 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -341,6 +341,8 @@ static void netlink_parse_lookup(struct netlink_parse_ctx *ctx,
if (nftnl_expr_is_set(nle, NFTNL_EXPR_LOOKUP_DREG)) {
dreg = netlink_parse_register(nle, NFTNL_EXPR_LOOKUP_DREG);
expr = map_expr_alloc(loc, left, right);
+ expr_set_type(expr, right->dtype, right->byteorder);
+ expr->len = right->len;
if (dreg != NFT_REG_VERDICT)
return netlink_set_register(ctx, dreg, expr);
} else {
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 53e66952..9b998d65 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -668,8 +668,8 @@ int nft_lex(void *, void *, void *);
%type <expr> concat_expr
%destructor { expr_free($$); } concat_expr
-%type <expr> map_expr
-%destructor { expr_free($$); } map_expr
+%type <expr> map_expr map_lhs_expr
+%destructor { expr_free($$); } map_expr map_lhs_expr
%type <expr> verdict_map_stmt
%destructor { expr_free($$); } verdict_map_stmt
@@ -3378,7 +3378,11 @@ multiton_rhs_expr : prefix_rhs_expr
| wildcard_expr
;
-map_expr : concat_expr MAP rhs_expr
+map_lhs_expr : concat_expr
+ | map_expr
+ ;
+
+map_expr : map_lhs_expr MAP rhs_expr
{
$$ = map_expr_alloc(&@$, $1, $3);
}
--
2.17.1
