This patch automatically removes the dependencies for exthdr and tcpopt.
# nft add rule filter input tcp option maxseg kind 3 counter.
# nft list table filter input
Before:
# ip protocol 6 tcp option maxseg kind 3 counter
After:
# tcp option maxseg kind 3 counter
Thus allowing to write tests as follows:
# tcp option maxseg kind 3;ok
Signed-off-by: Manuel Messner <mm@skelett.io>
Signed-off-by: Florian Westphal <fw@strlen.de>
enum proto_bases base);
extern void payload_dependency_kill(struct payload_dep_ctx *ctx,
struct expr *expr);
+extern void exthdr_dependency_kill(struct payload_dep_ctx *ctx,
+ struct expr *expr);
extern bool payload_can_merge(const struct expr *e1, const struct expr *e2);
extern struct expr *payload_expr_join(const struct expr *e1,
expr_postprocess(ctx, &expr->key);
break;
case EXPR_EXTHDR:
- __payload_dependency_kill(&ctx->pdctx, PROTO_BASE_NETWORK_HDR);
+ exthdr_dependency_kill(&ctx->pdctx, expr);
break;
case EXPR_SET_REF:
case EXPR_META:
__payload_dependency_kill(ctx, expr->payload.base);
}
+void exthdr_dependency_kill(struct payload_dep_ctx *ctx, struct expr *expr)
+{
+ switch (expr->exthdr.op) {
+ case NFT_EXTHDR_OP_TCPOPT:
+ __payload_dependency_kill(ctx, PROTO_BASE_TRANSPORT_HDR);
+ break;
+ case NFT_EXTHDR_OP_IPV6:
+ __payload_dependency_kill(ctx, PROTO_BASE_NETWORK_HDR);
+ break;
+ default:
+ break;
+ }
+}
+
/**
* payload_expr_complete - fill in type information of a raw payload expr
*
projects / thirdparty / nftables.git / commitdiff
