git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 7 Feb 2024 22:53:32 +0000 (23:53 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 9 Feb 2024 15:56:04 +0000 (16:56 +0100)
commit	9fe58952c45a1643dc7df1a0b1f5d88e8ae1a978
tree	444a071b295eb3fab8ed1e578fe391ea7079ae44	tree
parent	da28f381537415d3278bd0399175b6d82fc14200	commit \| diff

evaluate: skip byteorder conversion for selector smaller than 2 bytes

Add unary expression to trigger byteorder conversion for host byteorder
selectors only if selectors length is larger or equal than 2 bytes.

# cat test.nft
table ip x {
        set test {
                type ipv4_addr . ether_addr . inet_proto
                flags interval
        }

        chain y {
                ip saddr . ether saddr . meta l4proto @test counter
        }
}

# nft -f test.nft
ip x y
  [ meta load iiftype => reg 1 ]
  [ cmp eq reg 1 0x00000001 ]
  [ payload load 4b @ network header + 12 => reg 1 ]
  [ payload load 6b @ link header + 6 => reg 9 ]
  [ meta load l4proto => reg 11 ]
  [ byteorder reg 11 = hton(reg 11, 2, 1) ] <--- should not be here
  [ lookup reg 1 set test ]
  [ counter pkts 0 bytes 0 ]

Fixes: 1017d323cafa ("src: support for selectors with different byteorder with interval concatenations")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/evaluate.c		diff \| blob \| blame \| history
tests/py/inet/meta.t		diff \| blob \| blame \| history
tests/py/inet/meta.t.json		diff \| blob \| blame \| history
tests/py/inet/meta.t.json.output		diff \| blob \| blame \| history
tests/py/inet/meta.t.payload		diff \| blob \| blame \| history