Revert "evaluate: relax type-checking for integer arguments in mark statements"

This patch reverts eab3eb7f146c ("evaluate: relax type-checking for
integer arguments in mark statements") since it might cause ruleset
portability issues when moving a ruleset from little to big endian
host (and vice-versa).

Let's revert this until we agree on what to do in this case.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 47caf3b0d7167418e68298f5586cba9a21111bde..edc3c5cb04f35ffccc0f4def14fd245006c5d311 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2733,12 +2733,8 @@ static int __stmt_evaluate_arg(struct eval_ctx *ctx, struct stmt *stmt,
                                         "expression has type %s with length %d",
                                         dtype->desc, (*expr)->dtype->desc,
                                         (*expr)->len);
-
-       if ((dtype->type == TYPE_MARK &&
-            !datatype_equal(datatype_basetype(dtype), datatype_basetype((*expr)->dtype))) ||
-           (dtype->type != TYPE_MARK &&
-            (*expr)->dtype->type != TYPE_INTEGER &&
-            !datatype_equal((*expr)->dtype, dtype)))
+       else if ((*expr)->dtype->type != TYPE_INTEGER &&
+                !datatype_equal((*expr)->dtype, dtype))
                return stmt_binary_error(ctx, *expr, stmt,              /* verdict vs invalid? */
                                         "datatype mismatch: expected %s, "
                                         "expression has type %s",

diff --git a/tests/py/ip/meta.t b/tests/py/ip/meta.t
index 85eaf54ce72339031a69aaf9cbfd9b75c71c5e2d..5a05923a1ce135efba48868d43b13c007b9ccfce 100644 (file)
--- a/tests/py/ip/meta.t
+++ b/tests/py/ip/meta.t
@@ -15,5 +15,3 @@ meta obrname "br0";fail
 
 meta sdif "lo" accept;ok
 meta sdifname != "vrf1" accept;ok
-
-meta mark set ip dscp;ok

diff --git a/tests/py/ip/meta.t.json b/tests/py/ip/meta.t.json
index a93d7e781ce1123121140a2cf26bff8c1434fb45..3df31ce381fc80e7c7ac520402a3c166ce68d5d5 100644 (file)
--- a/tests/py/ip/meta.t.json
+++ b/tests/py/ip/meta.t.json
@@ -156,23 +156,3 @@
         }
     }
 ]
-
-# meta mark set ip dscp
-[
-    {
-        "mangle": {
-            "key": {
-                "meta": {
-                    "key": "mark"
-                }
-            },
-            "value": {
-                "payload": {
-                    "field": "dscp",
-                    "protocol": "ip"
-                }
-            }
-        }
-    }
-]
-

diff --git a/tests/py/ip/meta.t.payload b/tests/py/ip/meta.t.payload
index 1aa8d003b1d44ab5aeaa5f63b93be8cea33edc1f..afde5cc13ac5e0334d20046846342327028109f5 100644 (file)
--- a/tests/py/ip/meta.t.payload
+++ b/tests/py/ip/meta.t.payload
@@ -51,11 +51,3 @@ ip test-ip4 input
   [ cmp eq reg 1 0x00000011 ]
   [ payload load 2b @ transport header + 2 => reg 1 ]
   [ cmp eq reg 1 0x00004300 ]
-
-# meta mark set ip dscp
-ip test-ip4 input
-  [ payload load 1b @ network header + 1 => reg 1 ]
-  [ bitwise reg 1 = ( reg 1 & 0x000000fc ) ^ 0x00000000 ]
-  [ bitwise reg 1 = ( reg 1 >> 0x00000002 ) ]
-  [ meta set mark with reg 1 ]
-