dynset: avoid errouneous assert with ipv6 concat dataHEADmaster

nft add rule ip6 table-test chain-1 update @map-X { ip6 saddr : 1000::1 . 5001 }
nft: src/netlink_linearize.c:873: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
Aborted (core dumped)

This is because we pass the EXPR_SET_ELEM expr to the register allocation,
which will make it reserve 1 128 bit register / 16 bytes.

This happens to be enough for most cases, but its not for ipv6 concat data.
Pass the actual key and data instead: This will reserve enough space to
hold a possible concat expression.

Also add test cases.

Signed-off-by: Son Dinh <dinhtrason@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

12 files changed, 144 insertions, 3 deletions

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 6204d8fd..de9e975f 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1592,11 +1592,11 @@ static void netlink_gen_map_stmt(struct netlink_linearize_ctx *ctx,
 	sreg_key = get_register(ctx, stmt->map.key->key);
 	netlink_gen_expr(ctx, stmt->map.key->key, sreg_key);
 
-	sreg_data = get_register(ctx, stmt->map.data);
-	netlink_gen_expr(ctx, stmt->map.data, sreg_data);
+	sreg_data = get_register(ctx, stmt->map.data->key);
+	netlink_gen_expr(ctx, stmt->map.data->key, sreg_data);
 
 	release_register(ctx, stmt->map.key->key);
-	release_register(ctx, stmt->map.data);
+	release_register(ctx, stmt->map.data->key);
 
 	nle = alloc_nft_expr("dynset");
 	netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key);
diff --git a/tests/py/ip/sets.t b/tests/py/ip/sets.t
index 46d9686b..ad2c8316 100644
--- a/tests/py/ip/sets.t
+++ b/tests/py/ip/sets.t
@@ -66,3 +66,5 @@ ip saddr @set6 drop;ok
 ip saddr vmap { 1.1.1.1 : drop, * : accept };ok
 meta mark set ip saddr map { 1.1.1.1 : 0x00000001, * : 0x00000002 };ok
 
+!map2 type ipv4_addr . ipv4_addr . inet_service : ipv4_addr . inet_service;ok
+add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 };ok
diff --git a/tests/py/ip/sets.t.json b/tests/py/ip/sets.t.json
index 44ca1528..f2637d93 100644
--- a/tests/py/ip/sets.t.json
+++ b/tests/py/ip/sets.t.json
@@ -303,3 +303,40 @@
     }
 ]
 
+# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 }
+[
+    {
+        "map": {
+            "data": {
+                "concat": [
+                    "10.0.0.1",
+                    80
+                ]
+            },
+            "elem": {
+                "concat": [
+                    {
+                        "payload": {
+                            "field": "saddr",
+                            "protocol": "ip"
+                        }
+                    },
+                    {
+                        "payload": {
+                            "field": "daddr",
+                            "protocol": "ip"
+                        }
+                    },
+                    {
+                        "payload": {
+                            "field": "dport",
+                            "protocol": "th"
+                        }
+                    }
+                ]
+            },
+            "map": "@map2",
+            "op": "add"
+        }
+    }
+]
diff --git a/tests/py/ip/sets.t.payload.inet b/tests/py/ip/sets.t.payload.inet
index fd6517a5..cc04b43d 100644
--- a/tests/py/ip/sets.t.payload.inet
+++ b/tests/py/ip/sets.t.payload.inet
@@ -104,3 +104,14 @@ inet
   [ payload load 4b @ network header + 12 => reg 1 ]
   [ lookup reg 1 set __map%d dreg 1 ]
   [ meta set mark with reg 1 ]
+
+# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 }
+inet test-inet input
+  [ meta load nfproto => reg 1 ]
+  [ cmp eq reg 1 0x00000002 ]
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ payload load 4b @ network header + 16 => reg 9 ]
+  [ payload load 2b @ transport header + 2 => reg 10 ]
+  [ immediate reg 11 0x0100000a ]
+  [ immediate reg 2 0x00005000 ]
+  [ dynset add reg_key 1 set map2 sreg_data 11 ]
diff --git a/tests/py/ip/sets.t.payload.ip b/tests/py/ip/sets.t.payload.ip
index d9cc32b6..f9ee1f98 100644
--- a/tests/py/ip/sets.t.payload.ip
+++ b/tests/py/ip/sets.t.payload.ip
@@ -81,3 +81,11 @@ ip test-ip4 input
   [ meta load mark => reg 10 ]
   [ dynset add reg_key 1 set map1 sreg_data 10 ]
 
+# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 }
+ip test-ip4 input
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ payload load 4b @ network header + 16 => reg 9 ]
+  [ payload load 2b @ transport header + 2 => reg 10 ]
+  [ immediate reg 11 0x0100000a ]
+  [ immediate reg 2 0x00005000 ]
+  [ dynset add reg_key 1 set map2 sreg_data 11 ]
diff --git a/tests/py/ip/sets.t.payload.netdev b/tests/py/ip/sets.t.payload.netdev
index d41b9e8b..3d0dc79a 100644
--- a/tests/py/ip/sets.t.payload.netdev
+++ b/tests/py/ip/sets.t.payload.netdev
@@ -105,3 +105,13 @@ netdev test-netdev ingress
   [ meta load mark => reg 10 ]
   [ dynset add reg_key 1 set map1 sreg_data 10 ]
 
+# add @map2 { ip saddr . ip daddr . th dport : 10.0.0.1 . 80 }
+netdev test-netdev ingress
+  [ meta load protocol => reg 1 ]
+  [ cmp eq reg 1 0x00000008 ]
+  [ payload load 4b @ network header + 12 => reg 1 ]
+  [ payload load 4b @ network header + 16 => reg 9 ]
+  [ payload load 2b @ transport header + 2 => reg 10 ]
+  [ immediate reg 11 0x0100000a ]
+  [ immediate reg 2 0x00005000 ]
+  [ dynset add reg_key 1 set map2 sreg_data 11 ]
diff --git a/tests/py/ip6/sets.t b/tests/py/ip6/sets.t
index 17fd62f5..cc26bd22 100644
--- a/tests/py/ip6/sets.t
+++ b/tests/py/ip6/sets.t
@@ -46,3 +46,6 @@ add @set5 { ip6 saddr . ip6 daddr };ok
 add @map1 { ip6 saddr . ip6 daddr : meta mark };ok
 
 delete @set5 { ip6 saddr . ip6 daddr };ok
+
+!map2 type ipv6_addr . ipv6_addr . inet_service : ipv6_addr . inet_service;ok
+add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 };ok
\ No newline at end of file
diff --git a/tests/py/ip6/sets.t.json b/tests/py/ip6/sets.t.json
index 2029d2b5..99236099 100644
--- a/tests/py/ip6/sets.t.json
+++ b/tests/py/ip6/sets.t.json
@@ -148,3 +148,40 @@
     }
 ]
 
+# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 }
+[
+    {
+        "map": {
+            "data": {
+                "concat": [
+                    "1234::1",
+                    80
+                ]
+            },
+            "elem": {
+                "concat": [
+                    {
+                        "payload": {
+                            "field": "saddr",
+                            "protocol": "ip6"
+                        }
+                    },
+                    {
+                        "payload": {
+                            "field": "daddr",
+                            "protocol": "ip6"
+                        }
+                    },
+                    {
+                        "payload": {
+                            "field": "dport",
+                            "protocol": "th"
+                        }
+                    }
+                ]
+            },
+            "map": "@map2",
+            "op": "add"
+        }
+    }
+]
diff --git a/tests/py/ip6/sets.t.payload.inet b/tests/py/ip6/sets.t.payload.inet
index 2bbd5573..2dbb818a 100644
--- a/tests/py/ip6/sets.t.payload.inet
+++ b/tests/py/ip6/sets.t.payload.inet
@@ -47,3 +47,14 @@ inet test-inet input
   [ payload load 16b @ network header + 8 => reg 1 ]
   [ payload load 16b @ network header + 24 => reg 2 ]
   [ dynset delete reg_key 1 set set5 ]
+
+# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 }
+inet test-inet input
+  [ meta load nfproto => reg 1 ]
+  [ cmp eq reg 1 0x0000000a ]
+  [ payload load 16b @ network header + 8 => reg 1 ]
+  [ payload load 16b @ network header + 24 => reg 2 ]
+  [ payload load 2b @ transport header + 2 => reg 3 ]
+  [ immediate reg 17 0x00003412 0x00000000 0x00000000 0x01000000 ]
+  [ immediate reg 21 0x00005000 ]
+  [ dynset add reg_key 1 set map2 sreg_data 17 ]
diff --git a/tests/py/ip6/sets.t.payload.ip6 b/tests/py/ip6/sets.t.payload.ip6
index c59f7b5c..7234b989 100644
--- a/tests/py/ip6/sets.t.payload.ip6
+++ b/tests/py/ip6/sets.t.payload.ip6
@@ -36,3 +36,11 @@ ip6 test-ip6 input
   [ meta load mark => reg 3 ]
   [ dynset add reg_key 1 set map1 sreg_data 3 ]
 
+# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 }
+ip6 test-ip6 input
+  [ payload load 16b @ network header + 8 => reg 1 ]
+  [ payload load 16b @ network header + 24 => reg 2 ]
+  [ payload load 2b @ transport header + 2 => reg 3 ]
+  [ immediate reg 17 0x00003412 0x00000000 0x00000000 0x01000000 ]
+  [ immediate reg 21 0x00005000 ]
+  [ dynset add reg_key 1 set map2 sreg_data 17 ]
diff --git a/tests/py/ip6/sets.t.payload.netdev b/tests/py/ip6/sets.t.payload.netdev
index 1866d26b..2ad0f434 100644
--- a/tests/py/ip6/sets.t.payload.netdev
+++ b/tests/py/ip6/sets.t.payload.netdev
@@ -48,3 +48,13 @@ netdev test-netdev ingress
   [ meta load mark => reg 3 ]
   [ dynset add reg_key 1 set map1 sreg_data 3 ]
 
+# add @map2 { ip6 saddr . ip6 daddr . th dport : 1234::1 . 80 }
+netdev test-netdev ingress
+  [ meta load protocol => reg 1 ]
+  [ cmp eq reg 1 0x0000dd86 ]
+  [ payload load 16b @ network header + 8 => reg 1 ]
+  [ payload load 16b @ network header + 24 => reg 2 ]
+  [ payload load 2b @ transport header + 2 => reg 3 ]
+  [ immediate reg 17 0x00003412 0x00000000 0x00000000 0x01000000 ]
+  [ immediate reg 21 0x00005000 ]
+  [ dynset add reg_key 1 set map2 sreg_data 17 ]
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 1bc89558..00799e28 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -1164,6 +1164,10 @@ def set_process(set_line, filename, lineno):
         set_data = tokens[i+1]
         i += 2
 
+    while len(tokens) > i and tokens[i] == ".":
+        set_data += " . " + tokens[i+1]
+        i += 2
+
     if parse_typeof and tokens[i] == "mark":
         set_data += " " + tokens[i]
         i += 1;