[PATCH nft 0/10] nft: add automatic icmp/icmpv6 dependencies

icmp and icmpv6 protocol headers are special, they have overlapping
fields whose interpretation (or existence) depends on the icmp type.

This series allows nft to automatically add the dependency so that
the type-dependent field is not evaluated for any type.

Support for dependency removal is also added, but not for id/sequence.
Those need to check for both echo and echo reply, we'd have to extend
the delinearization step to also check relational expressions with
a non-constant RHS.

For now, the test cases are amended to expect the dependency, i.e.
'icmp id 42' will expect 'icmp type {echo-reply, echo-request} icmp id 42'
as the output.

Also add test cases to cover both id/sequence in same rule (payload
merging is used for those) and add a test with a rule that already
contains a type match.

Florian Westphal (10):
  exthdr: remove unused proto_key member from struct
  proto: reduce size of proto_desc structure
  src: add auto-dependencies for ipv4 icmp
  tests: fix exepcted payload of icmp expressions
  src: add auto-dependencies for ipv6 icmp6
  tests: fix exepcted payload of icmpv6 expressions
  payload: auto-remove simple icmp/icmpv6 dependency expressions
  tests: icmp, icmpv6: avoid remaining warnings
  tests: ip: add one test case to cover both id and sequence
  tests: icmp, icmpv6: check we don't add second dependency

 include/exthdr.h                  |   1 -
 include/payload.h                 |   7 +-
 include/proto.h                   |  34 +++--
 src/evaluate.c                    |  20 ++-
 src/exthdr.c                      |   4 -
 src/netlink_delinearize.c         |   3 +
 src/parser_bison.y                |   1 -
 src/payload.c                     | 210 +++++++++++++++++++++++++++++-
 src/proto.c                       |  45 ++++---
 tests/py/ip/icmp.t                |  38 +++---
 tests/py/ip/icmp.t.payload.ip     | 155 +++++++++++++++++++++-
 tests/py/ip6/icmpv6.t             |  42 +++---
 tests/py/ip6/icmpv6.t.payload.ip6 | 116 +++++++++++++++--
 13 files changed, 588 insertions(+), 88 deletions(-)

-- 
2.26.2
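
Added example, not part of the original post and not nft code: a bare match on the ICMPv4 id/sequence offsets also hits other ICMP types that reuse those bytes, here the next-hop MTU of a "fragmentation needed" error, while the same match guarded by a type dependency does not. The function names and the sample headers are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ICMPv4 types that carry id/sequence in bytes 4..7 (RFC 792). */
enum { TYPE_ECHO_REPLY = 0, TYPE_ECHO_REQUEST = 8 };
/* Byte offsets inside the ICMP header. */
enum { OFF_TYPE = 0, OFF_ID = 4, OFF_SEQ = 6 };

/* Read a big-endian 16-bit field; returns -1 if the header is too short. */
static int load_be16(const uint8_t *p, size_t len, size_t off)
{
    if (off + 2 > len)
        return -1;
    return (p[off] << 8) | p[off + 1];
}

/* Bare payload match: compares the bytes at 'off' whatever the ICMP type is. */
int match_naive(const uint8_t *icmp, size_t len, size_t off, uint16_t want)
{
    return load_be16(icmp, len, off) == (int)want;
}

/* Same match with the type dependency: only echo request/reply have id/sequence. */
int match_with_dep(const uint8_t *icmp, size_t len, size_t off, uint16_t want)
{
    if (len < 1)
        return 0;
    if (icmp[OFF_TYPE] != TYPE_ECHO_REQUEST && icmp[OFF_TYPE] != TYPE_ECHO_REPLY)
        return 0;
    return match_naive(icmp, len, off, want);
}

/* Constructed sample headers (checksums zeroed, not captured traffic). */
const uint8_t echo_req[8]    = { 8, 0, 0, 0, 0x00, 0x2a, 0x00, 0x01 }; /* id 42, seq 1 */
const uint8_t frag_needed[8] = { 3, 4, 0, 0, 0x00, 0x00, 0x05, 0xdc }; /* type 3 code 4, MTU 1500 */

int main(void)
{
    printf("echo-request, id 42:     naive=%d with_dep=%d\n",
           match_naive(echo_req, 8, OFF_ID, 42),
           match_with_dep(echo_req, 8, OFF_ID, 42));
    printf("frag-needed, 'seq' 1500: naive=%d with_dep=%d\n",
           match_naive(frag_needed, 8, OFF_SEQ, 1500),
           match_with_dep(frag_needed, 8, OFF_SEQ, 1500));
    return 0;
}
```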