When "typeof ... : interval ..." gets used, existing logic
failed to validate the expressions.
"interval" means that kernel reserves twice the size,
so consider this when validating and restoring.
Also fix up the dump file of the existing test
case to be symmetrical.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/netlink.c | 7 ++++++-
.../testcases/sets/dumps/0067nat_concat_interval_0.nft | 4 ++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index f1452d48f424..3352ad0abb61 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1024,10 +1024,15 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
list_splice_tail(&set_parse_ctx.stmt_list, &set->stmt_list);
if (datatype) {
+ uint32_t dlen;
+
dtype = set_datatype_alloc(datatype, databyteorder);
klen = nftnl_set_get_u32(nls, NFTNL_SET_DATA_LEN) * BITS_PER_BYTE;
- if (set_udata_key_valid(typeof_expr_data, klen)) {
+ dlen = data_interval ? klen / 2 : klen;
+
+ if (set_udata_key_valid(typeof_expr_data, dlen)) {
+ typeof_expr_data->len = klen;
datatype_free(datatype_get(dtype));
set->data = typeof_expr_data;
} else {
diff --git a/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft b/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
index 6af47c6682ce..0215691e28ee 100644
--- a/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
+++ b/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
@@ -18,14 +18,14 @@ table ip nat {
}
map ipportmap4 {
- type ifname . ipv4_addr : interval ipv4_addr
+ typeof iifname . ip saddr : interval ip daddr
flags interval
elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69/32,
"enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 }
}
map ipportmap5 {
- type ifname . ipv4_addr : interval ipv4_addr . inet_service
+ typeof iifname . ip saddr : interval ip daddr . tcp dport
flags interval
elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22,
"enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 }
--
2.40.1
