nftables-1.0.4-6.el8

* Tue Oct 29 2024 Phil Sutter <psutter@redhat.com> [1.0.4-6.el8]
- evaluate: un-break rule insert with intervals (Phil Sutter) [RHEL-62895]
Resolves: RHEL-62895
This commit is contained in:
Phil Sutter 2024-10-29 19:43:08 +01:00
parent 2f6aefdd21
commit 810f4662e9
2 changed files with 71 additions and 1 deletions


@ -0,0 +1,66 @@
From 39c9fb961fe827a104e17a8ffa7ed63e51e3f522 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 29 Oct 2024 19:40:56 +0100
Subject: [PATCH] evaluate: un-break rule insert with intervals
JIRA: https://issues.redhat.com/browse/RHEL-62895
Upstream Status: nftables commit 91626261c9dfedbd1e8ff40959b453418ebc8fb6
commit 91626261c9dfedbd1e8ff40959b453418ebc8fb6
Author: Florian Westphal <fw@strlen.de>
Date: Tue Sep 20 15:26:07 2022 +0200
evaluate: un-break rule insert with intervals
'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef'
works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4".
Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/evaluate.c | 1 +
tests/shell/testcases/rule_management/0003insert_0 | 4 ++++
tests/shell/testcases/rule_management/dumps/0003insert_0.nft | 1 +
3 files changed, 6 insertions(+)
diff --git a/src/evaluate.c b/src/evaluate.c
index 6d0a0f5..c6d656b 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1505,6 +1505,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set,
switch (ctx->cmd->op) {
case CMD_CREATE:
case CMD_ADD:
+ case CMD_INSERT:
if (set->automerge) {
ret = set_automerge(ctx->msgs, ctx->cmd, set, init,
ctx->nft->debug_mask);
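Review bot: The case list in interval_set_eval() now names CMD_CREATE, CMD_ADD and CMD_INSERT, but the "BUG: unhandled op 4" in the commit message shows that any other op reaching this switch with an interval set ends in a BUG report rather than an ordinary error. Please confirm whether 'nft replace rule' (CMD_REPLACE) with an anonymous interval set can reach this function. If it can, it needs the same case label and a test next to the insert one.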
diff --git a/tests/shell/testcases/rule_management/0003insert_0 b/tests/shell/testcases/rule_management/0003insert_0
index 329ccc2..c343d57 100755
--- a/tests/shell/testcases/rule_management/0003insert_0
+++ b/tests/shell/testcases/rule_management/0003insert_0
@@ -9,3 +9,7 @@ $NFT add chain t c
$NFT insert rule t c accept
$NFT insert rule t c drop
$NFT insert rule t c masquerade
+
+# check 'evaluate: un-break rule insert with intervals'
+
+$NFT insert rule t c tcp sport { 3478-3497, 16384-16387 }
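Review bot: The comment above the new insert line in 0003insert_0 only repeats the commit subject, and the rule itself is a reduced form of the reproducer quoted in the commit message (tcp sport in table t instead of the inet rule with meta l4proto and th sport). Suggest stating in the comment what the regression looked like, i.e. that 'nft insert' with an anonymous set containing ranges failed with "BUG: unhandled op 4" while 'nft add' worked, so the reason for this case is clear without looking up the commit.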
diff --git a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
index 9421f4a..b1875ab 100644
--- a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
+++ b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
@@ -1,5 +1,6 @@
table ip t {
chain c {
+ tcp sport { 3478-3497, 16384-16387 }
masquerade
drop
accept
--
2.46.2


@ -1,5 +1,5 @@
%define nft_rpmversion 1.0.4
%define nft_specrelease 5
%define nft_specrelease 6
%define libnftnl_ver 1.2.2-1
Name: nftables
@ -61,6 +61,7 @@ Patch37: 0037-xt-Purify-enum-nft_xt_type.patch
Patch38: 0038-xt-Rewrite-unsupported-compat-expression-dumping.patch
Patch39: 0039-xt-Fall-back-to-generic-printing-from-translation.patch
Patch40: 0040-xt-Fix-fallback-printing-for-extensions-matching-key.patch
Patch41: 0041-evaluate-un-break-rule-insert-with-intervals.patch
BuildRequires: autoconf
BuildRequires: automake
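Review bot: Only the Patch41 declaration is added in this hunk, and the spec diff contains no matching %patch41 line. Please confirm that %prep applies patches through %autosetup or %autopatch. Otherwise 0041-evaluate-un-break-rule-insert-with-intervals.patch ships in the SRPM but is never applied to the build.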
@ -180,6 +181,9 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
%{python3_sitelib}/nftables/
%changelog
* Tue Oct 29 2024 Phil Sutter <psutter@redhat.com> [1.0.4-6.el8]
- evaluate: un-break rule insert with intervals (Phil Sutter) [RHEL-62895]
* Wed Aug 14 2024 Phil Sutter <psutter@redhat.com> [1.0.4-5.el8]
- xt: Fix fallback printing for extensions matching keywords (Phil Sutter) [RHEL-5806]
- xt: Fall back to generic printing from translation (Phil Sutter) [RHEL-5806]