[iptables PATCH] nft: Fix meta statement parsing

Phil Sutter <phil@xxxxxx> · Wed, 28 Sep 2022 18:23:00 +0200

The function nft_meta_set_to_target() would always bail since nothing
sets 'sreg->meta_sreg.set' to true. This is obvious, as the immediate
expression "filling" the source register does not indicate its purpose.

The whole source register purpose storing in meta_sreg seems to be
pointless, so drop it altogether.

Fixes: f315af1cf8871 ("nft: track each register individually")
Signed-off-by: Phil Sutter <phil@xxxxxx>
---
 iptables/nft-shared.c | 14 +++++++++-----
 iptables/nft-shared.h |  6 ------
 2 files changed, 9 insertions(+), 11 deletions(-)

diff --git a/iptables/nft-shared.c b/iptables/nft-shared.c
index 909fe6483205c..996cff996c151 100644
--- a/iptables/nft-shared.c
+++ b/iptables/nft-shared.c
@@ -503,10 +503,7 @@ static void nft_meta_set_to_target(struct nft_xt_ctx *ctx,
 	if (!sreg)
 		return;
 
-	if (sreg->meta_sreg.set == 0)
-		return;
-
-	switch (sreg->meta_sreg.key) {
+	switch (nftnl_expr_get_u32(e, NFTNL_EXPR_META_KEY)) {
 	case NFT_META_NFTRACE:
 		if ((sreg->type != NFT_XT_REG_IMMEDIATE)) {
 			ctx->errmsg = "meta nftrace but reg not immediate";
@@ -526,8 +523,10 @@ static void nft_meta_set_to_target(struct nft_xt_ctx *ctx,
 	}
 
 	target = xtables_find_target(targname, XTF_TRY_LOAD);
-	if (target == NULL)
+	if (target == NULL) {
+		ctx->errmsg = "target TRACE not found";
 		return;
+	}
 
 	size = XT_ALIGN(sizeof(struct xt_entry_target)) + target->size;
 
@@ -1303,6 +1302,11 @@ void nft_rule_to_iptables_command_state(struct nft_handle *h,
 		else if (strcmp(name, "range") == 0)
 			nft_parse_range(&ctx, expr);
 
+		if (ctx.errmsg) {
+			fprintf(stderr, "%s", ctx.errmsg);
+			ctx.errmsg = NULL;
+		}
+
 		expr = nftnl_expr_iter_next(iter);
 	}
 
diff --git a/iptables/nft-shared.h b/iptables/nft-shared.h
index c07d3270a407e..3d935d5324b01 100644
--- a/iptables/nft-shared.h
+++ b/iptables/nft-shared.h
@@ -68,11 +68,6 @@ struct nft_xt_ctx_reg {
 		uint32_t xor[4];
 		bool set;
 	} bitwise;
-
-	struct {
-		uint32_t key;
-		bool set;
-	} meta_sreg;
 };
 
 struct nft_xt_ctx {
@@ -118,7 +113,6 @@ static inline void nft_xt_reg_clear(struct nft_xt_ctx_reg *r)
 {
 	r->type = 0;
 	r->bitwise.set = false;
-	r->meta_sreg.set = false;
 }
 
 static inline struct nft_xt_ctx_reg *nft_xt_ctx_get_dreg(struct nft_xt_ctx *ctx, enum nft_registers reg)
-- 
2.34.1







