If user provides a numeric value larger than 0 or 1, match never happens: # nft --debug=netlink add rule x y tcp option sack-perm 4 ip x y [ exthdr load tcpopt 1b @ 4 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000004 ] After this update: # nft --debug=netlink add rule x y tcp option sack-perm 4 ip x y [ exthdr load tcpopt 1b @ 4 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000001 ] This is to address a rare corner case, in case user specifies the boolean value through the integer base type. Fixes: 9fd9baba43c8 ("Introduce boolean datatype and boolean expression") Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/datatype.c | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/src/datatype.c b/src/datatype.c
index 0c13bbd4270e..f347010f4a1a 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -1554,11 +1554,35 @@ static const struct symbol_table boolean_tbl = {
 },
 };
 
+static struct error_record *boolean_type_parse(struct parse_ctx *ctx,
+ const struct expr *sym,
+ struct expr **res)
+{
+ struct error_record *erec;
+ int num;
+
+ erec = integer_type_parse(ctx, sym, res);
+ if (erec)
+ return erec;
+
+ if (mpz_cmp_ui((*res)->value, 0))
+ num = 1;
+ else
+ num = 0;
+
+ expr_free(*res);
+
+ *res = constant_expr_alloc(&sym->location, &boolean_type,
+ BYTEORDER_HOST_ENDIAN, 1, &num);
+ return NULL;
+}
+
 const struct datatype boolean_type = {
 .type = TYPE_BOOLEAN,
 .name = "boolean",
 .desc = "boolean type",
 .size = 1,
+ .parse = boolean_type_parse,
 .basetype = &integer_type,
 .sym_tbl = &boolean_tbl,
 .json = boolean_type_json,
-- 2.30.2
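Review bot: In boolean_type_parse, `num` is declared `int` but `&num` is passed to constant_expr_alloc() with a length of 1 and BYTEORDER_HOST_ENDIAN, so only part of the object is read. constant_expr_alloc() is defined outside this hunk; if it imports raw bytes from the pointer, a big-endian host would pick up the most significant byte of the int and always store 0, so a rule written to test for the option being present would be compiled as a test for it being absent. Giving the variable the width that is actually consumed, `uint8_t num = mpz_cmp_ui((*res)->value, 0) != 0;`, would remove that dependency and replace the if/else. A short comment above the comparison, `/* any non-zero integer means "present": normalize to 1 */`, would also record why the parsed expression is freed and reallocated.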