nftables-0.9.8-12.el9

- evaluate: pick data element byte order, not dtype one Resolves: rhbz#2040672
2022-01-14 14:54:55 +01:00 · 2022-01-14 14:54:55 +01:00 · 1606add35f
commit 1606add35f
parent 946bb34b50
2 changed files with 41 additions and 1 deletions
--- a/0028-evaluate-pick-data-element-byte-order-not-dtype-one.patch
+++ b/0028-evaluate-pick-data-element-byte-order-not-dtype-one.patch
@ -0,0 +1,36 @@
 From d5525024223f324c71edb9135f1938745d45acee Mon Sep 17 00:00:00 2001
 From: Florian Westphal <fw@strlen.de>
 Date: Wed, 3 Feb 2021 17:57:06 +0100
 Subject: [PATCH] evaluate: pick data element byte order, not dtype one
 Some expressions have integer base type, not a specific one, e.g. 'ct zone'.
 In that case nft used the wrong byte order.
 Without this, nft adds
 elements = { "eth0" : 256, "eth1" : 512, "veth4" : 256 }
 instead of 1, 2, 3.
 This is not a 'display bug', the added elements have wrong byte order.
 Signed-off-by: Florian Westphal <fw@strlen.de>
 (cherry picked from commit 84b1d078e86dea25c93e15c3e5a3160bbf77e4e7)
 ---
 src/evaluate.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/evaluate.c b/src/evaluate.c
 index 73d6fd0e89bc2..0543190fe777a 100644
 --- a/src/evaluate.c
 +++ b/src/evaluate.c
@@ -1583,7 +1583,7 @@ static int expr_evaluate_mapping(struct eval_ctx *ctx, struct expr **expr)
 		else
 			datalen = set->data->len;
 -		expr_set_context(&ctx->ectx, set->data->dtype, datalen);
 +		__expr_set_context(&ctx->ectx, set->data->dtype, set->data->byteorder, datalen, 0);
 	} else {
 		assert((set->flags & NFT_SET_MAP) == 0);
 	}
 -- 
 2.34.1
--- a/nftables.spec
+++ b/nftables.spec
@ -1,6 +1,6 @@
 Name:           nftables
 Version:        0.9.8
-Release:        11%{?dist}
+Release:        12%{?dist}
 # Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
 Epoch:          1
 Summary:        Netfilter Tables userspace utillites
@ -41,6 +41,7 @@ Patch24: 0024-exthdr-Implement-SCTP-Chunk-matching.patch
 Patch25: 0025-include-missing-sctp_chunk.h-in-Makefile.am.patch
 Patch26: 0026-evaluate-fix-inet-nat-with-no-layer-3-info.patch
 Patch27: 0027-tests-py-add-dnat-to-port-without-defining-destinati.patch
 Patch28: 0028-evaluate-pick-data-element-byte-order-not-dtype-one.patch
 BuildRequires: autoconf
 BuildRequires: automake
@ -150,6 +151,9 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
 %{python3_sitelib}/nftables/
 %changelog
 * Fri Jan 14 2022 Phil Sutter <psutter@redhat.com> - 1:0.9.8-12
 - evaluate: pick data element byte order, not dtype one
 * Wed Dec 08 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-11
 - tests: py: add dnat to port without defining destination address
 - evaluate: fix inet nat with no layer 3 info