The assertion is too strict, as found by afl++: typeof iifname . ip saddr . meta ipsec elements = { "eth0" . 10.1.1.2 . 1 } meta ipsec is boolean (1 bit), but datasize of 1 is set at 8 bit. Fixes: 22b750aa6dc9 ("src: allow use of base integer types as set keys in concatenations") Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/evaluate.c | 7 ++++--- .../testcases/sets/dumps/typeof_sets_0.nft | 9 +++++++++ tests/shell/testcases/sets/typeof_sets_0 | 17 +++++++++++++++++ 3 files changed, 30 insertions(+), 3 deletions(-) diff --git a/src/evaluate.c b/src/evaluate.c index c33c4476b0cc..db6650225f2a 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -4640,14 +4640,15 @@ static int set_expr_evaluate_concat(struct eval_ctx *ctx, struct expr **expr) "expressions", i->dtype->name); - if (i->dtype->size) - assert(i->len == i->dtype->size); - flags &= i->flags; ntype = concat_subtype_add(ntype, i->dtype->type); dsize_bytes = div_round_up(i->len, BITS_PER_BYTE); + + if (i->dtype->size) + assert(dsize_bytes == div_round_up(i->dtype->size, BITS_PER_BYTE)); + (*expr)->field_len[(*expr)->field_count++] = dsize_bytes; size += netlink_padded_len(i->len); } diff --git a/tests/shell/testcases/sets/dumps/typeof_sets_0.nft b/tests/shell/testcases/sets/dumps/typeof_sets_0.nft index 6f5b83af6bb9..63fc5b145137 100644 --- a/tests/shell/testcases/sets/dumps/typeof_sets_0.nft +++ b/tests/shell/testcases/sets/dumps/typeof_sets_0.nft @@ -55,6 +55,11 @@ table inet t { elements = { 3567 . 1.2.3.4 } } + set s12 { + typeof iifname . ip saddr . meta ipsec + elements = { "eth0" . 10.1.1.2 . exists } + } + chain c1 { osf name @s1 accept } @@ -94,4 +99,8 @@ table inet t { chain c11 { vlan id . ip saddr @s11 accept } + + chain c12 { + iifname . ip saddr . meta ipsec @s12 accept + } } diff --git a/tests/shell/testcases/sets/typeof_sets_0 b/tests/shell/testcases/sets/typeof_sets_0 index 92555a1f923e..016227da6242 100755 --- a/tests/shell/testcases/sets/typeof_sets_0 +++ b/tests/shell/testcases/sets/typeof_sets_0 @@ -113,6 +113,10 @@ INPUT="table inet t {$INPUT_OSF_SET typeof vlan id . ip saddr elements = { 3567 . 1.2.3.4 } } + set s12 { + typeof meta iifname . ip saddr . meta ipsec + elements = { \"eth0\" . 10.1.1.2 . 1 } + } $INPUT_OSF_CHAIN chain c2 { ether type vlan vlan id @s2 accept @@ -138,6 +142,10 @@ $INPUT_VERSION_CHAIN chain c11 { ether type vlan vlan id . ip saddr @s11 accept } + + chain c12 { + meta iifname . ip saddr . meta ipsec @s12 accept + } }" EXPECTED="table inet t {$INPUT_OSF_SET @@ -181,6 +189,11 @@ $INPUT_VERSION_SET typeof vlan id . ip saddr elements = { 3567 . 1.2.3.4 } } + + set s12 { + typeof iifname . ip saddr . meta ipsec + elements = { \"eth0\" . 10.1.1.2 . exists } + } $INPUT_OSF_CHAIN chain c2 { vlan id @s2 accept @@ -205,6 +218,10 @@ $INPUT_SCTP_CHAIN$INPUT_VERSION_CHAIN chain c11 { vlan id . ip saddr @s11 accept } + + chain c12 { + iifname . ip saddr . meta ipsec @s12 accept + } }" -- 2.41.0