]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 4a7973e)
netlink: only drop mask if it matches left known-size operand
authorFlorian Westphal <fw@strlen.de>
Mon, 4 Jan 2016 19:53:52 +0000 (20:53 +0100)
committerFlorian Westphal <fw@strlen.de>
Mon, 4 Jan 2016 19:53:52 +0000 (20:53 +0100)
During delinearization we attempt to remove masks, for instance
ip saddr $x/32. (mask matches the entire size).

However, in some special cases the lhs size is unknown (0), this
happens f.e. with

'ct saddr original 1.2.3.4/24' which had its '/24' chopped off.

Signed-off-by: Florian Westphal <fw@strlen.de>
src/netlink_delinearize.c patch | blob | blame | history

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index c4ffab507e8cb7242695040399fd9642aa617b50..841be6090a67aaa41034c2d2803b055ca00d455c 100644 (file)
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -331,12 +331,14 @@ static void netlink_parse_bitwise(struct netlink_parse_ctx *ctx,
                mpz_ior(m, m, o);
        }
 
-       if (mpz_scan0(m, 0) != left->len) {
+       if (left->len > 0 && mpz_scan0(m, 0) == left->len) {
+               /* mask encompasses the entire value */
+               expr_free(mask);
+       } else {
                mpz_set(mask->value, m);
                expr = binop_expr_alloc(loc, OP_AND, expr, mask);
                expr->len = left->len;
-       } else
-               expr_free(mask);
+       }
 
        if (mpz_cmp_ui(x, 0)) {
                mpz_set(xor->value, x);
Mirror of git://git.netfilter.org/nftables