evaluate: only try to replace dummy protocol from link-layer context

Add proto_is_dummy() that returns true for netdev and inet family, the
only two using a dummy link-layer protocol base definition.

Rename supersede_dep() to meta_iiftype_gen_dependency() since this is
generating the implicit meta iiftype check for netdev and inet.

This patch also gets rid of the have->length check. The tests pass fine
without this so I suspect this is superfluos.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 5ef035be23f52a44f6fa74b5cc6c4196fe38cad5..eb442d54811a573768245e3e2809889b9d82cdba 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -359,19 +359,14 @@ conflict_resolution_gen_dependency(struct eval_ctx *ctx, int protocol,
  * ip saddr adds meta dependency on ipv4 packets
  * ether saddr adds another dependeny on ethernet frames.
  */
-static int supersede_dep(struct eval_ctx *ctx, const struct proto_desc *have,
-                        struct expr *payload)
+static int meta_iiftype_gen_dependency(struct eval_ctx *ctx,
+                                      const struct proto_desc *have,
+                                      struct expr *payload)
 {
        enum proto_bases base = payload->payload.base;
        struct stmt *nstmt;
        uint16_t type;
 
-       if (payload->payload.base != PROTO_BASE_LL_HDR || have->length)
-               return 1;
-
-       if (have != &proto_inet && have != &proto_netdev)
-               return 1;
-
        if (proto_dev_type(payload->payload.desc, &type) < 0)
                return expr_error(ctx->msgs, payload,
                                  "protocol specification is invalid "
@@ -387,6 +382,11 @@ static int supersede_dep(struct eval_ctx *ctx, const struct proto_desc *have,
        return 0;
 }
 
+static bool proto_is_dummy(const struct proto_desc *desc)
+{
+       return desc == &proto_inet || desc == &proto_netdev;
+}
+
 static int resolve_protocol_conflict(struct eval_ctx *ctx,
                                     const struct proto_desc *desc,
                                     struct expr *payload)
@@ -395,9 +395,12 @@ static int resolve_protocol_conflict(struct eval_ctx *ctx,
        struct stmt *nstmt = NULL;
        int link, err;
 
-       err = supersede_dep(ctx, desc, payload);
-       if (err <= 0)
-               return err;
+       if (payload->payload.base == PROTO_BASE_LL_HDR &&
+           proto_is_dummy(desc)) {
+               err = meta_iiftype_gen_dependency(ctx, desc, payload);
+               if (err <= 0)
+                       return err;
+       }
 
        if (base < PROTO_BASE_MAX) {
                const struct proto_desc *next = ctx->pctx.protocol[base + 1].desc;