netlink_delinearize: also consider exthdr type when trimming binops

author Florian Westphal <fw@strlen.de>

Thu, 27 Feb 2025 14:52:09 +0000 (15:52 +0100)

committer Florian Westphal <fw@strlen.de>

Thu, 6 Mar 2025 03:55:43 +0000 (04:55 +0100)
author Florian Westphal <fw@strlen.de>
Thu, 27 Feb 2025 14:52:09 +0000 (15:52 +0100)
committer Florian Westphal <fw@strlen.de>
Thu, 6 Mar 2025 03:55:43 +0000 (04:55 +0100)
diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c

index b629916ebff82e01a175280afb8f4cce0bb93743..698bae85c8ccd6e7ef36b5933e75f9b4c2842519 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2655,8 +2655,16 @@ static bool payload_binop_postprocess(struct rule_pp_ctx *ctx,
         if (expr->left->etype != EXPR_BINOP || expr->left->op != OP_AND)
                 return false;
  
-       if (expr->left->left->etype != EXPR_PAYLOAD)
+       switch (expr->left->left->etype) {
+       case EXPR_EXTHDR:
+               break;
+       case EXPR_PAYLOAD:
+               break;
+       default:
                 return false;
+       }
+
+       expr_postprocess(ctx, &expr->left->left);
  
         expr_set_type(expr->right, &integer_type,
                       BYTEORDER_HOST_ENDIAN);
diff --git a/tests/shell/testcases/sets/dumps/typeof_sets_0.nft b/tests/shell/testcases/sets/dumps/typeof_sets_0.nft

index ed45d84a0effe603b7cb27ce93ef07107cc3d073..34aaab601cda310d3620d8fc876f2fbcc520456d 100644 (file)
--- a/tests/shell/testcases/sets/dumps/typeof_sets_0.nft
+++ b/tests/shell/testcases/sets/dumps/typeof_sets_0.nft
@@ -65,6 +65,12 @@ table inet t {
                 elements = { mp-join, dss }
         }
  
+       set s14 {
+               typeof tcp option mptcp subtype . ip daddr
+               elements = { remove-addr . 10.1.1.1,
+                            mp-join . 10.1.1.2 }
+       }
+
         chain c1 {
                 osf name @s1 accept
         }
@@ -112,4 +118,8 @@ table inet t {
         chain c13 {
                 tcp option mptcp subtype @s13 accept
         }
+
+       chain c14 {
+               tcp option mptcp subtype . ip saddr @s14 accept
+       }
  }
diff --git a/tests/shell/testcases/sets/typeof_sets_0 b/tests/shell/testcases/sets/typeof_sets_0

index 5ba7fc76ce15380303e3c3177e1f43b775c1a89f..ef2726db3b3068d14cd360d9601df9e87f500a6f 100755 (executable)
--- a/tests/shell/testcases/sets/typeof_sets_0
+++ b/tests/shell/testcases/sets/typeof_sets_0
@@ -124,6 +124,11 @@ INPUT="table inet t {$INPUT_OSF_SET
                 typeof tcp option mptcp subtype
                 elements = { mp-join, dss }
         }
+
+       set s14 {
+               typeof tcp option mptcp subtype . ip daddr
+               elements = { remove-addr . 10.1.1.1, mp-join . 10.1.1.2 }
+       }
  $INPUT_OSF_CHAIN
         chain c2 {
                 ether type vlan vlan id @s2 accept
@@ -157,6 +162,10 @@ $INPUT_VERSION_CHAIN
         chain c13 {
                 tcp option mptcp subtype @s13 accept
         }
+
+       chain c14 {
+               tcp option mptcp subtype . ip saddr @s14 accept
+       }
  }"
  
  EXPECTED="table inet t {$INPUT_OSF_SET
@@ -210,6 +219,12 @@ $INPUT_VERSION_SET
                 typeof tcp option mptcp subtype
                 elements = { mp-join, dss }
         }
+
+       set s14 {
+               typeof tcp option mptcp subtype . ip daddr
+               elements = { remove-addr . 10.1.1.1,
+                            mp-join . 10.1.1.2 }
+       }
  $INPUT_OSF_CHAIN
         chain c2 {
                 vlan id @s2 accept
@@ -242,6 +257,10 @@ $INPUT_SCTP_CHAIN$INPUT_VERSION_CHAIN
         chain c13 {
                 tcp option mptcp subtype @s13 accept
         }
+
+       chain c14 {
+               tcp option mptcp subtype . ip saddr @s14 accept
+       }
  }"
author	Florian Westphal <fw@strlen.de>
	Thu, 27 Feb 2025 14:52:09 +0000 (15:52 +0100)
committer	Florian Westphal <fw@strlen.de>
	Thu, 6 Mar 2025 03:55:43 +0000 (04:55 +0100)
src/netlink_delinearize.c		patch \| blob \| blame \| history
tests/shell/testcases/sets/dumps/typeof_sets_0.nft		patch \| blob \| blame \| history
tests/shell/testcases/sets/typeof_sets_0		patch \| blob \| blame \| history