diff --git a/0041-evaluate-un-break-rule-insert-with-intervals.patch b/0041-evaluate-un-break-rule-insert-with-intervals.patch
new file mode 100644
index 0000000..b49f195
--- /dev/null
+++ b/0041-evaluate-un-break-rule-insert-with-intervals.patch
@@ -0,0 +1,66 @@
+From 39c9fb961fe827a104e17a8ffa7ed63e51e3f522 Mon Sep 17 00:00:00 2001
+From: Phil Sutter
+Date: Tue, 29 Oct 2024 19:40:56 +0100
+Subject: [PATCH] evaluate: un-break rule insert with intervals
+
+JIRA: https://issues.redhat.com/browse/RHEL-62895
+Upstream Status: nftables commit 91626261c9dfedbd1e8ff40959b453418ebc8fb6
+
+commit 91626261c9dfedbd1e8ff40959b453418ebc8fb6
+Author: Florian Westphal
+Date: Tue Sep 20 15:26:07 2022 +0200
+
+ evaluate: un-break rule insert with intervals
+
+ 'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef'
+ works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4".
+
+ Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
+ Signed-off-by: Florian Westphal
+ Acked-by: Pablo Neira Ayuso
+
+Signed-off-by: Phil Sutter
+---
+ src/evaluate.c | 1 +
+ tests/shell/testcases/rule_management/0003insert_0 | 4 ++++
+ tests/shell/testcases/rule_management/dumps/0003insert_0.nft | 1 +
+ 3 files changed, 6 insertions(+)
+
+diff --git a/src/evaluate.c b/src/evaluate.c
+index 6d0a0f5..c6d656b 100644
+--- a/src/evaluate.c
++++ b/src/evaluate.c
+@@ -1505,6 +1505,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set,
+ switch (ctx->cmd->op) {
+ case CMD_CREATE:
+ case CMD_ADD:
++ case CMD_INSERT:
+ if (set->automerge) {
+ ret = set_automerge(ctx->msgs, ctx->cmd, set, init,
+ ctx->nft->debug_mask);
+diff --git a/tests/shell/testcases/rule_management/0003insert_0 b/tests/shell/testcases/rule_management/0003insert_0
+index 329ccc2..c343d57 100755
+--- a/tests/shell/testcases/rule_management/0003insert_0
++++ b/tests/shell/testcases/rule_management/0003insert_0
+@@ -9,3 +9,7 @@ $NFT add chain t c
+ $NFT insert rule t c accept
+ $NFT insert rule t c drop
+ $NFT insert rule t c masquerade
++
++# check 'evaluate: un-break rule insert with intervals'
++
++$NFT insert rule t c tcp sport { 3478-3497, 16384-16387 }
+diff --git a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
+index 9421f4a..b1875ab 100644
+--- a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
++++ b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
+@@ -1,5 +1,6 @@
+ table ip t {
+ chain c {
++ tcp sport { 3478-3497, 16384-16387 }
+ masquerade
+ drop
+ accept
+--
+2.46.2
+
diff --git a/nftables.spec b/nftables.spec
index 2c38dc9..b9ba974 100644
--- a/nftables.spec
+++ b/nftables.spec
@@ -1,5 +1,5 @@
 %define nft_rpmversion 1.0.4
-%define nft_specrelease 5
+%define nft_specrelease 6
 %define libnftnl_ver 1.2.2-1
 
 Name: nftables
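Review bot: `CMD_REPLACE` may still reach the same "BUG: unhandled op" abort in interval_set_eval(): the embedded src/evaluate.c hunk extends the `CMD_CREATE`/`CMD_ADD` group with `case CMD_INSERT:` only, and the rest of the switch lies outside the hunk, so this cannot be confirmed from here. That abort stops nft before the ruleset is committed, so the rule an operator meant to install is not put in place. Please check the backported tree and, if the replace path is not covered, add `case CMD_REPLACE:` next to the new label. The added shell test exercises `insert` only; a replace-rule case using the same `{ 3478-3497, 16384-16387 }` interval set would cover the other path.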
@@ -61,6 +61,7 @@ Patch37: 0037-xt-Purify-enum-nft_xt_type.patch
 Patch38: 0038-xt-Rewrite-unsupported-compat-expression-dumping.patch
 Patch39: 0039-xt-Fall-back-to-generic-printing-from-translation.patch
 Patch40: 0040-xt-Fix-fallback-printing-for-extensions-matching-key.patch
+Patch41: 0041-evaluate-un-break-rule-insert-with-intervals.patch
 
 BuildRequires: autoconf
 BuildRequires: automake
@@ -180,6 +181,9 @@ touch -r %{SOURCE2} $RPM_BUILD_ROOT/%{python3_sitelib}/nftables/nftables.py
 %{python3_sitelib}/nftables/
 
 %changelog
+* Tue Oct 29 2024 Phil Sutter [1.0.4-6.el8]
+- evaluate: un-break rule insert with intervals (Phil Sutter) [RHEL-62895]
+
 * Wed Aug 14 2024 Phil Sutter [1.0.4-5.el8]
 - xt: Fix fallback printing for extensions matching keywords (Phil Sutter) [RHEL-5806]
 - xt: Fall back to generic printing from translation (Phil Sutter) [RHEL-5806]