On 2020-01-27, at 10:33:04 +0100, Pablo Neira Ayuso wrote:
> On Sun, Jan 19, 2020 at 06:12:03PM +0000, Jeremy Sowden wrote:
> > When a unary expression is inserted to implement a byte-order
> > conversion, the expression being converted has already been
> > evaluated and so expr_evaluate_unary doesn't need to do so. For
> > most types of expression, the double evaluation doesn't matter since
> > evaluation is idempotent. However, in the case of payload
> > expressions which are munged during evaluation, it can cause
> > unexpected errors:
> >
> > # nft add table ip t
> > # nft add chain ip t c '{ type filter hook input priority filter; }'
> > # nft add rule ip t c ip dscp set 'ip dscp | 0x10'
> > Error: Value 252 exceeds valid range 0-63
> > add rule ip t c ip dscp set ip dscp | 0x10
> > ^^^^^^^
>
> I'm still hitting this after applying this patch.
>
> nft add rule ip t c ip dscp set ip dscp or 0x10
> Error: Value 252 exceeds valid range 0-63
> add rule ip t c ip dscp set ip dscp or 0x10
> ^^^^^^
> Probably problem is somewhere else? I'm not sure why we can assume
> here that the argument of the unary expression should not be
> evaluated.
I'll take another look.
J.
Attachment:
signature.asc
Description: PGP signature
