nftables/SOURCES/0032-datatype-add-stolen-verdict.patch

45 lines
1.7 KiB

2020-04-07 09:15:19 +00:00
From 14c526641e1fdec01f345c8d9f22fff809e59790 Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Tue, 12 Jun 2018 18:39:13 +0200
Subject: [PATCH] datatype: add stolen verdict

Using fwd statement causes crash when using nft trace:

trace id ddbbaae2 netdev vpn ingress_out packet: iif "enp2s0" ether saddr 78:54:00:29:bb:aa ether daddr 52:54:00:01:53:9f ip saddr 85.14.236.41 ip daddr 17.25.63.98 ip dscp cs0 ip ecn not-ect ip ttl 64 ip id 49036 ip length 84 icmp type echo-reply icmp code 0 icmp id 16947 icmp sequence 4
trace id ddbbaae2 netdev vpn ingress_out rule ip saddr 85.14.236.41 nftrace set 1 (verdict continue)
trace id ddbbaae2 netdev vpn ingress_out rule ip saddr 85.14.236.41 ether saddr set aa:bb:00:18:cc:dd ether daddr set 00:00:5e:00:00:11 fwd to "enp1s0"
BUG: invalid verdict value 2
nft: datatype.c:282: verdict_type_print: Assertion `0' failed.

Add stolen verdict (2) and remove the BUG statement.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1261
Signed-off-by: Florian Westphal <fw@strlen.de>
(cherry picked from commit bbbed9f3175c5260332ae7e6800b3a6791418fd2)
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/datatype.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/datatype.c b/src/datatype.c
index c77d228e95a1e..209044539bb84 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -280,8 +280,12 @@ static void verdict_type_print(const struct expr *expr, struct output_ctx *octx)
case NF_QUEUE:
nft_print(octx, "queue");
break;
+ case NF_STOLEN:
+ nft_print(octx, "stolen");
+ break;
default:
- BUG("invalid verdict value %u\n", expr->verdict);
+ nft_print(octx, "unknown verdict value %u", expr->verdict);
+ break;
}
}
}
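Review bot: the new `case NF_STOLEN:` has no comment saying where this value originates. Per the commit message it reaches verdict_type_print() through `nft trace` output after a `fwd` statement, so a one-line comment to that effect would stop readers from looking for a matching ruleset keyword. In the `default:` branch the `%u` conversion is carried over from the old BUG() call; if `expr->verdict` is a signed field, an unexpected negative value would print as a large unsigned number, so a conversion that matches the field's type would make the "unknown verdict value" message easier to act on. Printing instead of asserting is the right behaviour for a value that arrives with trace data, since the tool no longer aborts on a verdict it does not recognise.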
--
2.21.0