[PATCH nft 2/2] segtree: add missing non-matching segment to set in flat representation

 # cat test.nft
 add set x y { type ipv4_addr; }
 add element x y { 10.0.24.0/24 }
 # nft -f test.nft
 # nft delete element x y { 10.0.24.0/24 }

bogusly return -ENOENT. The closing segment (0.0.0.0 with end flag set
on) is not added to the set in the example above.

This patch also adds a test to catch this case.

Fixes: 4935a0d561b5 ("segtree: special handling for the first non-matching segment")
Reported-by: Václav Zindulka <vaclav.zindulka@xxxxxxxxxx>
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/segtree.c                                          |  9 ++++++---
 tests/shell/testcases/sets/0035add_set_elements_flat_0 | 10 ++++++++++
 2 files changed, 16 insertions(+), 3 deletions(-)
 create mode 100755 tests/shell/testcases/sets/0035add_set_elements_flat_0

diff --git a/src/segtree.c b/src/segtree.c
index ecf564e5fa07..8034525fb80b 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -430,16 +430,19 @@ static bool segtree_needs_first_segment(const struct set *set,
 					const struct expr *init, bool add)
 {
 	if (add) {
-		/* Add the first segment in three situations:
+		/* Add the first segment in four situations:
 		 *
 		 * 1) This is an anonymous set.
 		 * 2) This set exists and it is empty.
-		 * 3) This set is created with a number of initial elements.
+		 * 3) New empty set and, separately, new elements are added.
+		 * 4) This set is created with a number of initial elements.
 		 */
 		if ((set->flags & NFT_SET_ANONYMOUS) ||
 		    (set->init && set->init->size == 0) ||
-		    (set->init == init))
+		    (set->init == NULL && init) ||
+		    (set->init == init)) {
 			return true;
+		}
 	} else {
 		/* If the set is empty after the removal, we have to
 		 * remove the first non-matching segment too.
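Review bot: the new clause `(set->init == NULL && init)` in the `add` branch does not test that the set is new or empty, which is what comment item 3 says it covers; it is true for every add where `set->init` is NULL and `init` is set. If `set->init` is still NULL after the first separate `add element`, a second `add element` on the same set in one file would take this path again and ask for the first segment a second time. Please either say in the comment why `set->init == NULL` implies a new, empty set, or tighten the check, and cover the two-adds case in the test. As a smaller point, together with `(set->init == init)` the two clauses reduce to `set->init == NULL || set->init == init`, which may be easier to read.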
diff --git a/tests/shell/testcases/sets/0035add_set_elements_flat_0 b/tests/shell/testcases/sets/0035add_set_elements_flat_0
new file mode 100755
index 000000000000..d914ba9846ca
--- /dev/null
+++ b/tests/shell/testcases/sets/0035add_set_elements_flat_0
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+RULESET="add table ip x
+add set x y {type ipv4_addr; flags interval;}
+add element x y { 10.0.24.0/24 }
+"
+
+set -e
+$NFT -f - <<< "$RULESET"
+$NFT delete element x y { 10.0.24.0/24 }
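Review bot: the test checks exit status only, through `set -e`, so it passes whenever `delete element` does not fail; it does not confirm that the set holds 10.0.24.0/24 after the load or that the set is empty after the delete. Consider listing the set after each step and comparing it against the expected output. Also, the reproducer in the commit message declares the set without `flags interval` and without `add table`, while the RULESET here has both; aligning the two would make it clear which case this test pins down.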
-- 
2.11.0



