commit
070ec7ce350f8139f9b97dbcb78ad1d7b7bf1196 upstream.
Without this,
typeof meta l4proto . ip saddr . tcp sport : limit
... is shown as
type inet_proto . ipv4_addr . inet_service : limit
The "data" element is a value (the object type number).
It doesn't support userinfo data.
There is no reason to add it, the value is the object type
number that the object-reference map stores.
So, if we have an objref map, DO NOT discard the key part,
as we do for normal maps.
For normal maps, we support either typeof notation, i.e.:
typeof meta l4proto . ip saddr . tcp sport : ip saddr
or the data type version:
type inet_proto . ipv4_addr . inet_service : ipv4_addr
... but not a mix, a hyptothetical
typeof meta l4proto . ip saddr . tcp sport : ipv4_addr
... does not work.
If nft finds no udata attached to the data element, for normal
map case, it has to fall back to the "type" form.
But for objref maps this is expected, udata for key but not for data.
Hence, for objref case, keep the typeof part if its valid.
Signed-off-by: Florian Westphal <fw@strlen.de>
}
list_splice_tail(&set_parse_ctx.stmt_list, &set->stmt_list);
+ set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS);
+
if (datatype) {
uint32_t dlen;
if (set_udata_key_valid(typeof_expr_data, dlen)) {
typeof_expr_data->len = klen;
set->data = typeof_expr_data;
+ typeof_expr_data = NULL;
+ } else if (set->flags & NFT_SET_OBJECT) {
+ set->data = constant_expr_alloc(&netlink_location,
+ dtype2,
+ databyteorder, klen,
+ NULL);
} else {
expr_free(typeof_expr_data);
set->data = constant_expr_alloc(&netlink_location,
NULL);
}
- set->flags = nftnl_set_get_u32(nls, NFTNL_SET_FLAGS);
set->handle.handle.id = nftnl_set_get_u64(nls, NFTNL_SET_HANDLE);
set->objtype = objtype;
projects / thirdparty / nftables.git / commitdiff
