nftables-0.9.8-12.el9

- evaluate: pick data element byte order, not dtype one Resolves: rhbz#2040672
2022-01-14 14:54:55 +01:00 · 2022-01-14 14:54:55 +01:00 · 1606add35f
commit 1606add35f
parent 946bb34b50
2 changed files with 41 additions and 1 deletions
--- a/0028-evaluate-pick-data-element-byte-order-not-dtype-one.patch
+++ b/0028-evaluate-pick-data-element-byte-order-not-dtype-one.patch
@ -0,0 +1,36 @@
+From d5525024223f324c71edb9135f1938745d45acee Mon Sep 17 00:00:00 2001
+From: Florian Westphal <fw@strlen.de>
+Date: Wed, 3 Feb 2021 17:57:06 +0100
+Subject: [PATCH] evaluate: pick data element byte order, not dtype one
+
+Some expressions have integer base type, not a specific one, e.g. 'ct zone'.
+In that case nft used the wrong byte order.
+
+Without this, nft adds
+elements = { "eth0" : 256, "eth1" : 512, "veth4" : 256 }
+instead of 1, 2, 3.
+
+This is not a 'display bug', the added elements have wrong byte order.
+
+Signed-off-by: Florian Westphal <fw@strlen.de>
+(cherry picked from commit 84b1d078e86dea25c93e15c3e5a3160bbf77e4e7)
+---
+ src/evaluate.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/evaluate.c b/src/evaluate.c
+index 73d6fd0e89bc2..0543190fe777a 100644
+--- a/src/evaluate.c
+++ b/src/evaluate.c
+@@ -1583,7 +1583,7 @@ static int expr_evaluate_mapping(struct eval_ctx *ctx, struct expr **expr)
+ 		else
+ 			datalen = set->data->len;
+ 
+-		expr_set_context(&ctx->ectx, set->data->dtype, datalen);
+		__expr_set_context(&ctx->ectx, set->data->dtype, set->data->byteorder, datalen, 0);
+ 	} else {
+ 		assert((set->flags & NFT_SET_MAP) == 0);
+ 	}
+-- 
+2.34.1
+
--- a/nftables.spec
+++ b/nftables.spec
@ -1,6 +1,6 @@
 Name:           nftables
 Version:        0.9.8
-Release:        11%{?dist}
+Release:        12%{?dist}
 # Upstream released a 0.100 version, then 0.4. Need Epoch to get back on track.
 Epoch:          1
 Summary:        Netfilter Tables userspace utillites
@ -41,6 +41,7 @@ Patch24: 0024-exthdr-Implement-SCTP-Chunk-matching.patch
 Patch25: 0025-include-missing-sctp_chunk.h-in-Makefile.am.patch
 Patch26: 0026-evaluate-fix-inet-nat-with-no-layer-3-info.patch
 Patch27: 0027-tests-py-add-dnat-to-port-without-defining-destinati.patch
+Patch28: 0028-evaluate-pick-data-element-byte-order-not-dtype-one.patch

 BuildRequires: autoconf
 BuildRequires: automake
@ -150,6 +151,9 @@ sed -i -e 's/\(sofile=\)".*"/\1"'$sofile'"/' \
 %{python3_sitelib}/nftables/

 %changelog
+* Fri Jan 14 2022 Phil Sutter <psutter@redhat.com> - 1:0.9.8-12
+- evaluate: pick data element byte order, not dtype one
+
 * Wed Dec 08 2021 Phil Sutter <psutter@redhat.com> - 1:0.9.8-11
 - tests: py: add dnat to port without defining destination address
 - evaluate: fix inet nat with no layer 3 info