From: Florian Westphal Date: Fri, 6 Jun 2025 12:12:36 +0000 (+0200) Subject: evaluate: rename recursion counter to recursion.binop X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=10b44319a53a131ed943e2b6eeb62d197178bf4d;p=thirdparty%2Fnftables.git evaluate: rename recursion counter to recursion.binop The existing recursion counter is used by the binop expression to detect if we've completely followed all the binops. We can only chain up to NFT_MAX_EXPR_RECURSION binops, but the evaluation step can perform constant-folding, so we must recurse until we found the rightmost (last) binop in the chain. Then we can check the post-eval chain to see if it is something that can be serialized later (i.e., if we are within the NFT_MAX_EXPR_RECURSION after constant folding) or not. Thus we can't reuse the existing ctx->recursion counter for other expressions; entering the initial expr_evaluate_binop with ctx->recursion > 0 would break things. Therefore rename this to an embedded structure. This allows us to add a new recursion counter in a followup patch. Signed-off-by: Florian Westphal --- diff --git a/include/rule.h b/include/rule.h index 85a0d9c0..e7e80a41 100644 --- a/include/rule.h +++ b/include/rule.h @@ -756,6 +756,10 @@ extern void cmd_free(struct cmd *cmd); #include #include +struct eval_recursion { + uint16_t binop; +}; + /** * struct eval_ctx - evaluation context * @@ -767,7 +771,7 @@ extern void cmd_free(struct cmd *cmd); * @set: current set * @stmt: current statement * @stmt_len: current statement template length - * @recursion: expr evaluation recursion counter + * @recursion: expr evaluation recursion counters * @cache: cache context * @debug_mask: debugging bitmask * @ectx: expression context @@ -783,7 +787,7 @@ struct eval_ctx { struct set *set; struct stmt *stmt; uint32_t stmt_len; - uint32_t recursion; + struct eval_recursion recursion; struct expr_ctx ectx; struct proto_ctx _pctx[2]; const struct proto_desc *inner_desc; diff --git a/src/evaluate.c b/src/evaluate.c index 872a9e0d..77bdb9cd 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1520,11 +1520,11 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr) unsigned int max_shift_len = ctx->ectx.len; int ret = -1; - if (ctx->recursion >= USHRT_MAX) + if (ctx->recursion.binop >= USHRT_MAX) return expr_binary_error(ctx->msgs, op, NULL, "Binary operation limit %u reached ", - ctx->recursion); - ctx->recursion++; + ctx->recursion.binop); + ctx->recursion.binop++; if (expr_evaluate(ctx, &op->left) < 0) return -1; @@ -1609,7 +1609,7 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr) } - if (ctx->recursion == 0) + if (ctx->recursion.binop == 0) BUG("recursion counter underflow"); /* can't check earlier: evaluate functions might do constant-merging + expr_free. @@ -1617,7 +1617,7 @@ static int expr_evaluate_binop(struct eval_ctx *ctx, struct expr **expr) * So once we've evaluate everything check for remaining length of the * binop chain. */ - if (--ctx->recursion == 0) { + if (--ctx->recursion.binop == 0) { unsigned int to_linearize = 0; op = *expr;