On 2020-01-27, at 10:33:04 +0100, Pablo Neira Ayuso wrote: > On Sun, Jan 19, 2020 at 06:12:03PM +0000, Jeremy Sowden wrote: > > When a unary expression is inserted to implement a byte-order > > conversion, the expression being converted has already been > > evaluated and so expr_evaluate_unary doesn't need to do so. For > > most types of expression, the double evaluation doesn't matter since > > evaluation is idempotent. However, in the case of payload > > expressions which are munged during evaluation, it can cause > > unexpected errors: > > > > # nft add table ip t > > # nft add chain ip t c '{ type filter hook input priority filter; }' > > # nft add rule ip t c ip dscp set 'ip dscp | 0x10' > > Error: Value 252 exceeds valid range 0-63 > > add rule ip t c ip dscp set ip dscp | 0x10 > > ^^^^^^^ > > I'm still hitting this after applying this patch. > > nft add rule ip t c ip dscp set ip dscp or 0x10 > Error: Value 252 exceeds valid range 0-63 > add rule ip t c ip dscp set ip dscp or 0x10 > ^^^^^^ > Probably problem is somewhere else? I'm not sure why we can assume > here that the argument of the unary expression should not be > evaluated. I'll take another look. J.
Attachment:
signature.asc
Description: PGP signature