From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nftables 5/9] src: make interval sets work with string datatypes
Date: Sat, 9 Apr 2022 15:58:28 +0200 [thread overview]
Message-ID: <20220409135832.17401-6-fw@strlen.de> (raw)
In-Reply-To: <20220409135832.17401-1-fw@strlen.de>
Allows to interface names in interval sets:
table inet filter {
set s {
type ifname
flags interval
elements = { eth*, foo }
}
Concatenations are not yet supported, also, listing is broken,
those strings will not be printed back because the values will remain
in big-endian order. Followup patch will extend segtree to translate
this back to host byte order.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/expression.c | 8 ++++++--
src/segtree.c | 30 ++++++++++++++++++++++++++----
2 files changed, 32 insertions(+), 6 deletions(-)
diff --git a/src/expression.c b/src/expression.c
index deb649e1847b..5d879b535990 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -1442,7 +1442,11 @@ void range_expr_value_low(mpz_t rop, const struct expr *expr)
{
switch (expr->etype) {
case EXPR_VALUE:
- return mpz_set(rop, expr->value);
+ mpz_set(rop, expr->value);
+ if (expr->byteorder == BYTEORDER_HOST_ENDIAN &&
+ expr_basetype(expr)->type == TYPE_STRING)
+ mpz_switch_byteorder(rop, expr->len / BITS_PER_BYTE);
+ return;
case EXPR_PREFIX:
return range_expr_value_low(rop, expr->prefix);
case EXPR_RANGE:
@@ -1462,7 +1466,7 @@ void range_expr_value_high(mpz_t rop, const struct expr *expr)
switch (expr->etype) {
case EXPR_VALUE:
- return mpz_set(rop, expr->value);
+ return range_expr_value_low(rop, expr);
case EXPR_PREFIX:
range_expr_value_low(rop, expr->prefix);
assert(expr->len >= expr->prefix_len);
diff --git a/src/segtree.c b/src/segtree.c
index 188cafedce45..b4e76bf530d6 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -70,12 +70,30 @@ struct elementary_interval {
struct expr *expr;
};
+static enum byteorder get_key_byteorder(const struct expr *e)
+{
+ enum datatypes basetype = expr_basetype(e)->type;
+
+ switch (basetype) {
+ case TYPE_INTEGER:
+ /* For ranges, integers MUST be in BYTEORDER_BIG_ENDIAN.
+ * If the LHS (lookup key, e.g. 'meta mark', is host endian,
+ * a byteorder expression is injected to convert the register
+ * content before lookup.
+ */
+ return BYTEORDER_BIG_ENDIAN;
+ case TYPE_STRING:
+ return BYTEORDER_HOST_ENDIAN;
+ default:
+ break;
+ }
+
+ return BYTEORDER_INVALID;
+}
+
static void seg_tree_init(struct seg_tree *tree, const struct set *set,
struct expr *init, unsigned int debug_mask)
{
- struct expr *first;
-
- first = list_entry(init->expressions.next, struct expr, list);
tree->root = RB_ROOT;
tree->keytype = set->key->dtype;
tree->keylen = set->key->len;
@@ -85,7 +103,8 @@ static void seg_tree_init(struct seg_tree *tree, const struct set *set,
tree->datatype = set->data->dtype;
tree->datalen = set->data->len;
}
- tree->byteorder = first->byteorder;
+
+ tree->byteorder = get_key_byteorder(set->key);
tree->debug_mask = debug_mask;
}
@@ -608,6 +627,9 @@ static void set_insert_interval(struct expr *set, struct seg_tree *tree,
expr = constant_expr_alloc(&internal_location, tree->keytype,
tree->byteorder, tree->keylen, NULL);
mpz_set(expr->value, ei->left);
+ if (tree->byteorder == BYTEORDER_HOST_ENDIAN)
+ mpz_switch_byteorder(expr->value, expr->len / BITS_PER_BYTE);
+
expr = set_elem_expr_alloc(&internal_location, expr);
if (ei->expr != NULL) {
--
2.35.1
next prev parent reply other threads:[~2022-04-09 13:59 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-04-09 13:58 [PATCH nftables 0/9] nftables: add support for wildcard string as set keys Florian Westphal
2022-04-09 13:58 ` [PATCH nftables 1/9] evaluate: make byteorder conversion on string base type a no-op Florian Westphal
2022-04-09 13:58 ` [PATCH nftables 2/9] evaluate: keep prefix expression length Florian Westphal
2022-04-09 13:58 ` [PATCH nftables 3/9] segtree: split prefix and range creation to a helper function Florian Westphal
2022-04-09 13:58 ` [PATCH nftables 4/9] evaluate: string prefix expression must retain original length Florian Westphal
2022-04-09 13:58 ` Florian Westphal [this message]
2022-04-12 23:46 ` [PATCH nftables 5/9] src: make interval sets work with string datatypes Pablo Neira Ayuso
2022-04-09 13:58 ` [PATCH nftables 6/9] segtree: add string "range" reversal support Florian Westphal
2022-04-09 13:58 ` [PATCH nftables 7/9] tests: add testcases for interface names in sets Florian Westphal
2022-04-09 13:58 ` [PATCH nftables 8/9] segtree: use correct byte order for 'element get' Florian Westphal
2022-04-09 13:58 ` [PATCH nftables 9/9] segtree: add support for get element with sets that contain ifnames Florian Westphal
2022-04-12 22:17 ` [PATCH nftables 0/9] nftables: add support for wildcard string as set keys Pablo Neira Ayuso
2022-04-12 22:43 ` Florian Westphal
2022-04-12 23:08 ` Pablo Neira Ayuso
2022-04-12 23:30 ` Florian Westphal
2022-04-12 23:41 ` Pablo Neira Ayuso
2022-04-13 0:02 ` Florian Westphal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220409135832.17401-6-fw@strlen.de \
--to=fw@strlen.de \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.