nftables/0041-evaluate-un-break-rule-insert-with-intervals.patch
Phil Sutter 810f4662e9 nftables-1.0.4-6.el8
* Tue Oct 29 2024 Phil Sutter <psutter@redhat.com> [1.0.4-6.el8]
- evaluate: un-break rule insert with intervals (Phil Sutter) [RHEL-62895]
Resolves: RHEL-62895
2024-10-29 19:43:08 +01:00


From 39c9fb961fe827a104e17a8ffa7ed63e51e3f522 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Tue, 29 Oct 2024 19:40:56 +0100
Subject: [PATCH] evaluate: un-break rule insert with intervals

JIRA: https://issues.redhat.com/browse/RHEL-62895
Upstream Status: nftables commit 91626261c9dfedbd1e8ff40959b453418ebc8fb6

commit 91626261c9dfedbd1e8ff40959b453418ebc8fb6
Author: Florian Westphal <fw@strlen.de>
Date: Tue Sep 20 15:26:07 2022 +0200

evaluate: un-break rule insert with intervals

'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef'

works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4".

Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/evaluate.c | 1 +
tests/shell/testcases/rule_management/0003insert_0 | 4 ++++
tests/shell/testcases/rule_management/dumps/0003insert_0.nft | 1 +
3 files changed, 6 insertions(+)
diff --git a/src/evaluate.c b/src/evaluate.c
index 6d0a0f5..c6d656b 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1505,6 +1505,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set,
switch (ctx->cmd->op) {
case CMD_CREATE:
case CMD_ADD:
+ case CMD_INSERT:
if (set->automerge) {
ret = set_automerge(ctx->msgs, ctx->cmd, set, init,
ctx->nft->debug_mask);
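Review bot: the case list in interval_set_eval() is extended one op at a time (CMD_CREATE, CMD_ADD, now CMD_INSERT), and per the commit message an op missing from it ends in "BUG: unhandled op 4" rather than a normal error. Please check whether any other rule-carrying op, for example CMD_REPLACE, can reach this switch with an interval set, and add it in the same change if so. A short comment above the case labels saying which ops are expected here would keep the next omission from surfacing as a BUG.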
diff --git a/tests/shell/testcases/rule_management/0003insert_0 b/tests/shell/testcases/rule_management/0003insert_0
index 329ccc2..c343d57 100755
--- a/tests/shell/testcases/rule_management/0003insert_0
+++ b/tests/shell/testcases/rule_management/0003insert_0
@@ -9,3 +9,7 @@ $NFT add chain t c
$NFT insert rule t c accept
$NFT insert rule t c drop
$NFT insert rule t c masquerade
+
+# check 'evaluate: un-break rule insert with intervals'
+
+$NFT insert rule t c tcp sport { 3478-3497, 16384-16387 }
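Review bot: the comment above the new `$NFT insert rule` line names only the commit subject, so a reader of the test has to look up the commit to learn what is being checked. Suggest stating the behaviour instead, for example that inserting a rule with an inline interval set used to abort with "BUG: unhandled op 4". The added case also differs from the reproducer in the commit message (inet table, `th sport`, `goto`); that is fine for a minimal test, but worth a word in the comment.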
diff --git a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
index 9421f4a..b1875ab 100644
--- a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
+++ b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft
@@ -1,5 +1,6 @@
table ip t {
chain c {
+ tcp sport { 3478-3497, 16384-16387 }
masquerade
drop
accept
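Review bot: the expected dump covers only two disjoint ranges, printed back as entered at the head of chain c. If the `set->automerge` branch shown in the src/evaluate.c hunk can be taken for a set written inline in a rule, a second inserted rule with adjacent or overlapping ranges, plus its dump line, would cover that path as well.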
--
2.46.2