diff options
| author | Florian Westphal <fw@strlen.de> | 2023-05-12 14:19:47 +0200 |
|---|---|---|
| committer | Florian Westphal <fw@strlen.de> | 2023-05-18 08:48:54 +0200 |
| commit | a4878eeae39048e6abe85891c714b49dc13fc08c (patch) | |
| tree | ac0dfa0ca6247f2f6448b52f406135feef9c1491 /tools/perf/scripts/python/exported-sql-viewer.py | |
| parent | b50a8b0d57ab1ef11492171e98a030f48682eac3 (diff) | |
netfilter: nf_tables: relax set/map validation checks
Its currently not allowed to perform queries on a map, for example:
table t {
map m {
typeof ip saddr : meta mark
..
chain c {
ip saddr @m counter
will fail, because kernel requires that userspace provides a destination
register when the referenced set is a map.
However, internally there is no real distinction between sets and maps,
maps are just sets where each key is associated with a value.
Relax this so that maps can be used just like sets.
This allows to have rules that query if a given key exists
without making use of the associated value.
This also permits != checks which don't work for map lookups.
When no destination reg is given for a map, then permit this for named
maps.
Data and dump paths need to be updated to consider priv->dreg_set
instead of the 'set-is-a-map' check.
Checks in reduce and validate callbacks are not changed, this
can be relaxed later if a need arises.
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tools/perf/scripts/python/exported-sql-viewer.py')
0 files changed, 0 insertions, 0 deletions