On Thu, Dec 15, 2022 at 05:17:52PM +0100, Phil Sutter wrote:
> Abort the program when encountering rules with unsupported matches.
>
> While nft_is_table_compatible() tries to catch this situation, it boils
> down to merely accepting or rejecting expressions based on type. Yet
> these may still be used in incompatible ways.
>
> Patch 1 fixes for payload matches on ICMP(v6) headers and is almost
> independent of the rest.
>
> Patch 2 prepares arptables rule parsing for the error message added by
> patch 3.
>
> Patch 3 makes various situations complain by emitting error messages. It
> was compiled after reviewing all callees of rule_to_cs callback for
> unhandled unexpected input.
>
> Patch 5 then finally does its thing.
>
> Phil Sutter (4):
>   nft: Parse icmp header matches
>   arptables: Check the mandatory ar_pln match
>   nft: Increase rule parser strictness
>   nft: Make rule parsing errors fatal

Series applied.