git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Thu, 27 Feb 2025 14:52:09 +0000 (15:52 +0100)
committer	Florian Westphal <fw@strlen.de>
	Thu, 6 Mar 2025 03:55:43 +0000 (04:55 +0100)
commit	01fe0f07a0ed9b3882fed82dcdfbae0ab1a3b04e
tree	dfbf0428b0d76d3c098e1dfc7759d99aa8d23ab7	tree
parent	3d6ad54dbc74449e171823cdaf9d43cd41721b8d	commit \| diff

netlink_delinearize: also consider exthdr type when trimming binops

This allows trimming the binop for exthdrs, this will make nft render
   (tcp option mptcp unknown & 240) >> 4 . ip saddr @s1

as
    tcp option mptcp subtype . ip saddr @s1

Also extend the typeof set tests with a set concatenating a
sub-byte-sized exthdr expression with a payload one.

The additional call to expr_postprocess() is needed, without this,
typeof_sets_0.nft fails because
  frag frag-off @s4 accept

is shown as
meta nfproto ipv6 frag frag-off @s4 accept

Previouly, EXPR_EXTHDR would cause payload_binop_postprocess()
to return false which will then make the caller invoke
expr_postprocess(), but after handling EXPR_EXTHDR this doesn't happen
anymore.

Signed-off-by: Florian Westphal <fw@strlen.de>

src/netlink_delinearize.c		diff \| blob \| blame \| history
tests/shell/testcases/sets/dumps/typeof_sets_0.nft		diff \| blob \| blame \| history
tests/shell/testcases/sets/typeof_sets_0		diff \| blob \| blame \| history