[PATCH nft] src: allow ifname use in concatenated named sets

Don't attempt to evaluate dummy string value added as placeholder
for concatenated named sets.

 nft create set inet filter keepalived_ranges4 { type inet_service . ifname \; }
 Error: Empty string is not allowed

This should be allowed.  Also, this function uses ctx.dtype to
reallocate the constant expression, so never do this if we have
an invalid expression in the current eval context.

Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1265
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
 src/evaluate.c                                                | 3 +++
 tests/shell/testcases/sets/0029named_ifname_dtype_0           | 6 ++++++
 tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft | 6 ++++++
 3 files changed, 15 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index c4ee3cc94a3d..7373b8bea0ce 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -226,6 +226,9 @@ static int expr_evaluate_string(struct eval_ctx *ctx, struct expr **exprp)
 		expr->len = ctx->ectx.len;
 	}
 
+	if (ctx->ectx.dtype == &invalid_type)
+		return 0;
+
 	memset(data + len, 0, data_len - len);
 	mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
 
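Review bot: the new `if (ctx->ectx.dtype == &invalid_type)` check in expr_evaluate_string() tests only the context datatype, so every string expression evaluated with an invalid context type now returns 0 before the memset()/mpz_export_data() lines, not just the placeholder the commit message describes. A short comment above the check stating that invalid_type at this point means the concatenated named set placeholder would make the intent clear. If the placeholder can be identified directly, testing for that as well would keep genuinely bad strings from being accepted silently.
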
diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 b/tests/shell/testcases/sets/0029named_ifname_dtype_0
index 532d892739f4..c86b39c64d0f 100755
--- a/tests/shell/testcases/sets/0029named_ifname_dtype_0
+++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0
@@ -8,9 +8,15 @@ EXPECTED="table inet t {
 		elements = { \"eth0\" }
 	}
 
+	set sc {
+		type inet_service . ifname
+		elements = { 22 . \"eth0\" }
+	}
+
 	chain c {
 		iifname @s accept
 		oifname @s accept
+		tcp dport . meta iifname @sc accept
 	}
 }"
 
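Review bot: the added `set sc` always carries `elements = { 22 . \"eth0\" }`, while the failing command quoted in the commit message creates the set with no elements at all. Consider adding a second concatenated set that has only the `type inet_service . ifname` line, so the reported reproducer is covered directly. The new rule also only exercises `meta iifname`; an `oifname` variant would match the existing `oifname @s accept` case.
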
diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
index 2c82e57d48e8..38afe3e39f3f 100644
--- a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
+++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
@@ -4,8 +4,14 @@ table inet t {
 		elements = { "eth0" }
 	}
 
+	set sc {
+		type inet_service . ifname
+		elements = { ssh . "eth0" }
+	}
+
 	chain c {
 		iifname @s accept
 		oifname @s accept
+		tcp dport . iifname @sc accept
 	}
 }
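Review bot: in the expected dump the element is `ssh . "eth0"` and the rule is `tcp dport . iifname @sc accept`, while the test script in the previous hunk writes `22 . \"eth0\"` and `tcp dport . meta iifname @sc accept`. If the difference is meant to exercise output normalization, a line in the commit message saying so would help. Any case added to the script needs the matching entry here.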
-- 
2.16.4
