@@ -192,6 +192,7 @@ const struct expr_ops *expr_ops_by_type(enum expr_types etype);
* @EXPR_F_INTERVAL_END: set member ends an open interval
* @EXPR_F_BOOLEAN: expression is boolean (set by relational expr on LHS)
* @EXPR_F_INTERVAL: expression describes a interval
+ * @EXPR_F_KERNEL: expression resides in the kernel
*/
enum expr_flags {
EXPR_F_CONSTANT = 0x1,
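Review bot: The new kernel-doc entry for EXPR_F_KERNEL says only that the expression "resides in the kernel", which does not tell a reader who sets the flag or what a consumer may conclude from it. Going by the other hunks, it is set on set elements read back over netlink and on elements the segtree code rebuilds, so I would spell that out, for example `* @EXPR_F_KERNEL: set element resides in the kernel; set when elements are read back over netlink or rebuilt by the segtree code`. Nothing in this patch reads or clears the flag, so it would also help to state whether a cloned or copied expression is expected to inherit it. The flag marks where an element came from, and later code will presumably rely on that.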
@@ -200,6 +201,7 @@ enum expr_flags {
EXPR_F_INTERVAL_END = 0x8,
EXPR_F_BOOLEAN = 0x10,
EXPR_F_INTERVAL = 0x20,
+ EXPR_F_KERNEL = 0x40,
};
#include <payload.h>
@@ -1286,6 +1286,7 @@ key_end:
}
expr = set_elem_expr_alloc(&netlink_location, key);
+ expr->flags |= EXPR_F_KERNEL;
if (nftnl_set_elem_is_set(nlse, NFTNL_SET_ELEM_TIMEOUT))
expr->timeout = nftnl_set_elem_get_u64(nlse, NFTNL_SET_ELEM_TIMEOUT);
@@ -826,6 +826,7 @@ static struct expr *__expr_to_set_elem(struct expr *low, struct expr *expr)
} else {
interval_expr_copy(elem, low);
}
+ elem->flags |= EXPR_F_KERNEL;
return elem;
}
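Review bot: The added `elem->flags |= EXPR_F_KERNEL;` before `return elem;` marks the element as kernel-resident unconditionally, whatever the origin of `low` and `expr`. The callers of __expr_to_set_elem() are outside this hunk, so I cannot tell whether a user-supplied element can ever reach it; if one can, the result would be mislabelled as already present in the kernel. If the invariant holds, a one-line comment such as `/* only called on elements dumped from the kernel */` would record it; otherwise derive the flag from the input, `elem->flags |= low->flags & EXPR_F_KERNEL;`. The same applies to `i->flags |= EXPR_F_KERNEL;` in the later interval_map_decompose() hunk.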
@@ -1192,7 +1193,7 @@ void interval_map_decompose(struct expr *set)
if (!mpz_cmp_ui(range, 0)) {
if (expr_basetype(low)->type == TYPE_STRING)
mpz_switch_byteorder(expr_value(low)->value, low->len / BITS_PER_BYTE);
-
+ low->flags |= EXPR_F_KERNEL;
compound_expr_add(set, expr_get(low));
} else if (range_is_prefix(range) && !mpz_cmp_ui(p, 0)) {
struct expr *expr;
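Review bot: With the blank line removed, `low->flags |= EXPR_F_KERNEL;` now sits directly under the unbraced `if (expr_basetype(low)->type == TYPE_STRING)`, so it reads as if the flag were set only for string types. Presumably it is meant for every zero-range element; keeping the blank line, or bracing the `if`, makes that unambiguous. Note also that this site sets the flag on `low` itself before `compound_expr_add(set, expr_get(low))`, whereas the other segtree sites flag a newly built element. Since `expr_get()` appears to share a reference rather than copy, any other holder of `low` would see the flag too; a short comment saying that this is intended would help. The function body continues outside the hunk.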
@@ -1239,6 +1240,8 @@ void interval_map_decompose(struct expr *set)
} else {
interval_expr_copy(i, low);
}
+ i->flags |= EXPR_F_KERNEL;
+
expr_free(low);
}
This allows identifying the set elements that reside in the kernel. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- include/expression.h | 2 ++ src/netlink.c | 1 + src/segtree.c | 5 ++++- 3 files changed, 7 insertions(+), 1 deletion(-)