This series makes typeof-sets work in corner cases such as
set s4 { typeof frag frag-off }
set s8 { typeof ip version }
frag frag-off @s4 accept
ip version @s8
Due to the shift/mask expressions needed to cope with these
delinearization can't figure out the correct payload/exthdr templates
and nft lists this as:
(frag unknown & 0xfff8 [invalid type]) >> 3 == @s4
(ip l4proto & pfsync) >> 4 == @s8
With this series, the mask/shift expressions are removed and
nft can print them in a readable way.
Florian Westphal (4):
tests: add shift+and typeof test cases
payload: skip templates with meta key set
netlink_delinearize: and/shift postprocessing
netlink_delinearize: zero shift removal
src/netlink_delinearize.c | 28 +++++++++++++++++++
src/payload.c | 3 ++
.../testcases/sets/dumps/typeof_sets_0.nft | 23 +++++++++++++++
tests/shell/testcases/sets/typeof_sets_0 | 22 +++++++++++++++
4 files changed, 76 insertions(+)
--
2.32.0
