On Wed, Aug 21, 2019 at 11:26:02AM +0200, Phil Sutter wrote:
[...]
> +/* Make sure previous payload expression(s) is/are consistent and extract if
> + * matching on source or destination address and if matching on MAC and IP or
> + * only MAC address. */
> +static int lookup_analyze_payloads(const struct nft_xt_ctx *ctx,
> + bool *dst, bool *ip)
> +{
> + int val, val2 = -1;
> +
> + if (ctx->flags & NFT_XT_CTX_PREV_PAYLOAD) {
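Review bot: The comment above lookup_analyze_payloads() says what is extracted into *dst and *ip but not what the int return value means, nor whether the two out-parameters are written when the payload expressions turn out to be inconsistent. Please add that to the comment so callers know when *dst and *ip may be trusted. In "int val, val2 = -1;" only val2 gets an initializer; either initialize val as well or note why -1 is a sentinel for val2 only.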
Can you probably achieve this by storing protocol context?
Something like storing the current network base in the nft_xt_ctx
structure, rather than the last payload that you have seen.
From the context you annotate, then among will find the information
that it needs in the context.
We can reuse this context later on to generate native tcp/udp/etc.
matching.
[...]
> +static int __add_nft_among(struct nft_handle *h, const char *table,
> + struct nftnl_rule *r, struct nft_among_pair *pairs,
> + int cnt, bool dst, bool inv, bool ip)
> +{
> + uint32_t set_id, type = 9, len = 6;
> + /* !dst, dst */
> + int eth_addr_off[] = { 6, 0 };
> + int ip_addr_off[] = { 12, 16 };
> + struct nftnl_expr *e;
> + struct nftnl_set *s;
> + int idx = 0;
> +
> + if (ip) {
> + type = type << 6 | 7;
> + len += 4 + 2;
> + }
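Review bot: The literals in "type = 9, len = 6", "type = type << 6 | 7" and "len += 4 + 2" carry no names or comments, so the set key type and key length being built in __add_nft_among() cannot be checked from the code alone; the "+ 2" in particular has no visible justification. Please replace them with named constants or sizeof expressions, or comment each term, and parenthesize the shift as "(type << 6) | 7" so the reader does not have to rely on operator precedence. The eth_addr_off[] and ip_addr_off[] tables have only the "!dst, dst" comment to explain them; deriving the values with offsetof() on the header structs would document them, and both arrays could be static const.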
Magic numbers, please help me understand this.
I think this is the way to go, let's just sort out these few glitches.