diff options
author | Florian Westphal <fw@strlen.de> | 2022-09-20 15:26:07 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-09-20 15:26:34 +0200 |
commit | 91626261c9dfedbd1e8ff40959b453418ebc8fb6 (patch) | |
tree | 690cb8abd9b4c486d59fe5c87048ae3728ee478b | |
parent | 8dcf0b2437ea6747b8233e5bdb3d34f089aa78e8 (diff) |
evaluate: un-break rule insert with intervals
'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef'
works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4".
Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 1 | ||||
-rwxr-xr-x | tests/shell/testcases/rule_management/0003insert_0 | 4 | ||||
-rw-r--r-- | tests/shell/testcases/rule_management/dumps/0003insert_0.nft | 1 |
3 files changed, 6 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index d9c9ca28..edebd7bc 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1520,6 +1520,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set, switch (ctx->cmd->op) { case CMD_CREATE: case CMD_ADD: + case CMD_INSERT: if (set->automerge) { ret = set_automerge(ctx->msgs, ctx->cmd, set, init, ctx->nft->debug_mask); diff --git a/tests/shell/testcases/rule_management/0003insert_0 b/tests/shell/testcases/rule_management/0003insert_0 index 329ccc20..c343d579 100755 --- a/tests/shell/testcases/rule_management/0003insert_0 +++ b/tests/shell/testcases/rule_management/0003insert_0 @@ -9,3 +9,7 @@ $NFT add chain t c $NFT insert rule t c accept $NFT insert rule t c drop $NFT insert rule t c masquerade + +# check 'evaluate: un-break rule insert with intervals' + +$NFT insert rule t c tcp sport { 3478-3497, 16384-16387 } diff --git a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft index 9421f4ae..b1875aba 100644 --- a/tests/shell/testcases/rule_management/dumps/0003insert_0.nft +++ b/tests/shell/testcases/rule_management/dumps/0003insert_0.nft @@ -1,5 +1,6 @@ table ip t { chain c { + tcp sport { 3478-3497, 16384-16387 } masquerade drop accept |