On Wed, Aug 21, 2019 at 11:25:59AM +0200, Phil Sutter wrote:
> Allow for closer inspection by storing payload expression's base and
> length values. Also facilitate for two consecutive payload expressions
> as LHS of a (cmp/lookup) statement as used with concatenations.
>
> Signed-off-by: Phil Sutter <phil@xxxxxx>
> ---
> iptables/nft-shared.c | 8 ++++++++
> iptables/nft-shared.h | 4 +++-
> 2 files changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
> index d5984d0577ed1..0f8cabf9abcc7 100644
> --- a/iptables/nft-shared.c
> +++ b/iptables/nft-shared.c
> @@ -445,8 +445,16 @@ static void nft_parse_meta(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
>
> static void nft_parse_payload(struct nft_xt_ctx *ctx, struct nftnl_expr *e)
> {
> + if (ctx->flags & NFT_XT_CTX_PAYLOAD) {
> + memcpy(&ctx->prev_payload, &ctx->payload,
> + sizeof(ctx->prev_payload));
> + ctx->flags |= NFT_XT_CTX_PREV_PAYLOAD;
> + }
>
> ctx->reg = nftnl_expr_get_u32(e, NFTNL_EXPR_META_DREG);
> + ctx->payload.base = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_BASE);
> ctx->payload.offset = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_OFFSET);
> + ctx->payload.len = nftnl_expr_get_u32(e, NFTNL_EXPR_PAYLOAD_LEN);
> ctx->flags |= NFT_XT_CTX_PAYLOAD;
> }
>
> diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
> index ff3beef1af0de..cb7eea6208cd2 100644
> --- a/iptables/nft-shared.h
> +++ b/iptables/nft-shared.h
> @@ -43,6 +43,7 @@ enum {
> NFT_XT_CTX_META = (1 << 1),
> NFT_XT_CTX_BITWISE = (1 << 2),
> NFT_XT_CTX_IMMEDIATE = (1 << 3),
> + NFT_XT_CTX_PREV_PAYLOAD = (1 << 4),
Why does ebt among needs this?
