@@ -23,6 +23,7 @@
#include <netinet/icmp6.h>
#include <net/ethernet.h>
#include <net/if.h>
+#include <net/if_arp.h>
#include <errno.h>
#include <expression.h>
@@ -1795,14 +1796,25 @@ static int expr_evaluate_fib(struct eval_ctx *ctx, struct expr **exprp)
static int expr_evaluate_meta(struct eval_ctx *ctx, struct expr **exprp)
{
struct expr *meta = *exprp;
+ unsigned int maxval = 0;
- if (ctx->pctx.family != NFPROTO_INET &&
- meta->flags & EXPR_F_PROTOCOL &&
- meta->meta.key == NFT_META_NFPROTO)
+ switch (meta->meta.key) {
+ case NFT_META_NFPROTO:
+ if (ctx->pctx.family == NFPROTO_INET ||
+ !(meta->flags & EXPR_F_PROTOCOL))
+ break;
return expr_error(ctx->msgs, meta,
- "meta nfproto is only useful in the inet family");
-
- return expr_evaluate_primary(ctx, exprp);
+ "meta nfproto is only useful in the inet family");
+ case NFT_META_IIFTYPE:
+ case NFT_META_OIFTYPE:
+ maxval = ARPHRD_VOID - 1;
+ break;
+ default:
+ break;
+ }
+ __expr_set_context(&ctx->ectx, (*exprp)->dtype, (*exprp)->byteorder,
+ (*exprp)->len, maxval);
+ return 0;
}
static int expr_evaluate_socket(struct eval_ctx *ctx, struct expr **expr)
Since parsing of arphrd_type happens via sym_tbl, there is no dedicated parser function to perform the check in. So instead make use of maxval in expr_ctx to reject the value. While being at it, introduce a switch() to check for meta.key value in a single place. Signed-off-by: Phil Sutter <phil@nwl.cc> --- src/evaluate.c | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-)