All of lore.kernel.org
 help / color / mirror / Atom feed
From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>, Pablo Neira Ayuso <pablo@netfilter.org>
Subject: [PATCH nft v2 6/8] netlink_delinearize: also postprocess OP_AND in set element context
Date: Mon,  1 Aug 2022 15:56:31 +0200	[thread overview]
Message-ID: <20220801135633.5317-7-fw@strlen.de> (raw)
In-Reply-To: <20220801135633.5317-1-fw@strlen.de>

Pablo reports:
add rule netdev nt y update @macset { vlan id timeout 5s }

listing still shows the raw expression:
 update @macset { @ll,112,16 & 0xfff timeout 5s }

so also cover the 'set element' case.

Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
---
 v2: new.

 include/netlink.h                                  |  4 +++-
 src/netlink_delinearize.c                          |  2 ++
 .../sets/dumps/0070stacked_l2_headers.nft          | 14 ++++++++++++++
 3 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/include/netlink.h b/include/netlink.h
index 71c888fa0b40..63d07edf419e 100644
--- a/include/netlink.h
+++ b/include/netlink.h
@@ -44,8 +44,10 @@ struct netlink_parse_ctx {
 
 
 #define RULE_PP_IN_CONCATENATION	(1 << 0)
+#define RULE_PP_IN_SET_ELEM		(1 << 1)
 
-#define RULE_PP_REMOVE_OP_AND		(RULE_PP_IN_CONCATENATION)
+#define RULE_PP_REMOVE_OP_AND		(RULE_PP_IN_CONCATENATION | \
+					 RULE_PP_IN_SET_ELEM)
 
 struct rule_pp_ctx {
 	struct proto_ctx	pctx;
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 8851043bf277..0da6cc78f94f 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2661,7 +2661,9 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
 		expr_postprocess(ctx, &expr->prefix);
 		break;
 	case EXPR_SET_ELEM:
+		ctx->flags |= RULE_PP_IN_SET_ELEM;
 		expr_postprocess(ctx, &expr->key);
+		ctx->flags &= ~RULE_PP_IN_SET_ELEM;
 		break;
 	case EXPR_EXTHDR:
 		exthdr_dependency_kill(&ctx->pdctx, expr, ctx->pctx.family);
diff --git a/tests/shell/testcases/sets/dumps/0070stacked_l2_headers.nft b/tests/shell/testcases/sets/dumps/0070stacked_l2_headers.nft
index ef254b96879e..0057e9c62e4d 100644
--- a/tests/shell/testcases/sets/dumps/0070stacked_l2_headers.nft
+++ b/tests/shell/testcases/sets/dumps/0070stacked_l2_headers.nft
@@ -1,14 +1,28 @@
 table netdev nt {
+	set vlanidset {
+		typeof vlan id
+		size 1024
+		flags dynamic,timeout
+	}
+
 	set macset {
 		typeof ether saddr . vlan id
 		size 1024
 		flags dynamic,timeout
 	}
 
+	set ipset {
+		typeof vlan id . ip saddr
+		size 1024
+		flags dynamic,timeout
+	}
+
 	chain nc {
 		update @macset { ether saddr . vlan id timeout 5s } counter packets 0 bytes 0
 		ether saddr . vlan id @macset
 		vlan pcp 1
 		ether saddr 0a:0b:0c:0d:0e:0f vlan id 42
+		update @vlanidset { vlan id timeout 5s } counter packets 0 bytes 0
+		update @ipset { vlan id . ip saddr timeout 5s } counter packets 0 bytes 0
 	}
 }
-- 
2.35.1


  parent reply	other threads:[~2022-08-01 13:57 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2022-08-01 13:56 [PATCH nft v2 0/8] really handle stacked l2 headers Florian Westphal
2022-08-01 13:56 ` [PATCH nft v2 1/8] netlink_delinearize: allow postprocessing on concatenated elements Florian Westphal
2022-08-01 13:56 ` [PATCH nft v2 2/8] netlink_delinearize: postprocess binary ands in concatenations Florian Westphal
2022-08-01 13:56 ` [PATCH nft v2 3/8] proto: track full stack of seen l2 protocols, not just cumulative offset Florian Westphal
2022-08-01 13:56 ` [PATCH nft v2 4/8] debug: dump the l2 protocol stack Florian Westphal
2022-08-01 13:56 ` [PATCH nft v2 5/8] tests: add a test case for ether and vlan listing Florian Westphal
2022-08-01 13:56 ` Florian Westphal [this message]
2022-08-01 13:56 ` [PATCH nft v2 7/8] evaluate: search stacked header list for matching payload dep Florian Westphal
2022-08-01 13:56 ` [PATCH nft v2 8/8] src: allow anon set concatenation with ether and vlan Florian Westphal
2022-08-04 11:01 ` [PATCH nft v2 0/8] really handle stacked l2 headers Pablo Neira Ayuso
2022-08-04 11:07   ` Florian Westphal

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20220801135633.5317-7-fw@strlen.de \
    --to=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    --cc=pablo@netfilter.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.