From patchwork Thu Jul 18 03:39:39 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Phil Sutter X-Patchwork-Id: 1133519 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=nwl.cc Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 45q0J22KRBz9s00 for ; Thu, 18 Jul 2019 13:39:46 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S2389534AbfGRDjp (ORCPT ); Wed, 17 Jul 2019 23:39:45 -0400 Received: from orbyte.nwl.cc ([151.80.46.58]:33902 "EHLO orbyte.nwl.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S2389086AbfGRDjp (ORCPT ); Wed, 17 Jul 2019 23:39:45 -0400 Received: from localhost ([::1]:46992 helo=tatos) by orbyte.nwl.cc with esmtp (Exim 4.91) (envelope-from ) id 1hnxGi-0008Qq-7c; Thu, 18 Jul 2019 05:39:44 +0200 
From: Phil Sutter To: Pablo Neira Ayuso Cc: netfilter-devel@vger.kernel.org Subject: [nft PATCH 2/3] meta: Reject nfproto value 0xffff Date: Thu, 18 Jul 2019 05:39:39 +0200 Message-Id: <20190718033940.12820-2-phil@nwl.cc> X-Mailer: git-send-email 2.22.0 In-Reply-To: <20190718033940.12820-1-phil@nwl.cc> References: <20190718033940.12820-1-phil@nwl.cc> MIME-Version: 1.0 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Since parsing of arphrd_type happens via sym_tbl, there is no dedicated parser function to perform the check in. So instead make use of maxval in expr_ctx to reject the value. While being at it, introduce a switch() to check for meta.key value in a single place. Signed-off-by: Phil Sutter --- src/evaluate.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index 55cd9d00d274c..ff52aefc669e0 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -23,6 +23,7 @@ #include #include #include +#include #include #include 
@@ -1795,14 +1796,25 @@ static int expr_evaluate_fib(struct eval_ctx *ctx, struct expr **exprp) static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp) { struct expr *meta = *exprp; + unsigned int maxval = 0; - if (ctx->pctx.family != NFPROTO_INET && - meta->flags & EXPR_F_PROTOCOL && - meta->meta.key == NFT_META_NFPROTO) + switch (meta->meta.key) { + case NFT_META_NFPROTO: + if (ctx->pctx.family == NFPROTO_INET || + !(meta->flags & EXPR_F_PROTOCOL)) + break; return expr_error(ctx->msgs, meta, - "meta nfproto is only useful in the inet family"); - - return expr_evaluate_primary(ctx, exprp); + "meta nfproto is only useful in the inet family"); + case NFT_META_IIFTYPE: + case NFT_META_OIFTYPE: + maxval = ARPHRD_VOID - 1; + break; + default: + break; + } + __expr_set_context(&ctx->ectx, (*exprp)->dtype, (*exprp)->byteorder, + (*exprp)->len, maxval); + return 0; } static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
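Review bot: the subject line ("meta: Reject nfproto value 0xffff") does not match what this hunk does: the new maxval = ARPHRD_VOID - 1 is applied only in the NFT_META_IIFTYPE / NFT_META_OIFTYPE cases, i.e. it bounds the arphrd_type values the commit body talks about, while the NFT_META_NFPROTO case is merely restructured from the old if() into the switch() with the same "only useful in the inet family" error; consider "meta: Reject iiftype/oiftype value 0xffff" or similar so the log is searchable by the key actually affected. Second, the function's tail now calls __expr_set_context(&ctx->ectx, ..., maxval) and returns 0 directly instead of returning expr_evaluate_primary(ctx, exprp); that is only behaviour-preserving for the default case if expr_evaluate_primary() does nothing beyond that same __expr_set_context() call with maxval 0, which is worth one sentence in the commit message since the rejection now relies on the later value check against ectx.maxval rather than on a dedicated parser. Minor style: the function already has `struct expr *meta = *exprp;`, so the new call could read `meta->dtype, meta->byteorder, meta->len` instead of repeating `(*exprp)->` three times. The missing break after `return expr_error(...)` in the NFT_META_NFPROTO case is fine, since the return ends that case before the NFT_META_IIFTYPE label.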