this makes following failing test case work:
ip6 dscp vmap { 0x04, ..
problem was that the 6bit dscp value spans a byte boundary,
so payload postprocessing increases the size to a 2 byte access
(plus a binop mask operation to discard the unwanted bits).
But because set key size was already set based on the previous
payload size, we get a set with a keysize of 1 that is then
populated with keys of size 2 (which causes a kernel error).
So, fixup the set size so kernel is told to expect 2-byte keys
in this case.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
diff --git a/src/evaluate.c b/src/evaluate.c
index d224f0f3c2c1..a1193f7d8456 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1279,6 +1279,8 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
if (expr_evaluate(ctx, &map->mappings->set->init) < 0)
return -1;
expr_set_context(&ctx->ectx, ctx->set->key->dtype, ctx->set->key->len);
+ if (ctx->set->key->len < map->left->len)
+ ctx->set->key->len = map->left->len;
if (binop_transfer(ctx, expr) < 0)
return -1;
--
2.16.1
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
