diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-07-06 10:48:16 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-07-06 18:54:27 +0200 |
| commit | 26d2f70c59f8c66d7cf1a016b74e3007c0e2c118 (patch) | |
| tree | a40cb85c9d661bc0f6cc5446f1bd7c4c62f59dcd | |
| parent | 9297f5b5301b76bb24513b114f905e6fac0a90cd (diff) | |
segtree: zap element statement when decomposing interval
Otherwise, interval sets do not display element statement such as
counters.
Fixes: 6d80e0f15492 ("src: support for counter in set definition")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/segtree.c | 16 | ||||
| -rwxr-xr-x | tests/shell/testcases/sets/0051set_interval_counter_0 | 19 | ||||
| -rw-r--r-- | tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft | 13 |
3 files changed, 48 insertions, 0 deletions
diff --git a/src/segtree.c b/src/segtree.c index b6ca6083..49169e73 100644 --- a/src/segtree.c +++ b/src/segtree.c @@ -1027,6 +1027,10 @@ void interval_map_decompose(struct expr *set) tmp->timeout = low->left->timeout; if (low->left->expiration) tmp->expiration = low->left->expiration; + if (low->left->stmt) { + tmp->stmt = low->left->stmt; + low->left->stmt = NULL; + } tmp = mapping_expr_alloc(&tmp->location, tmp, expr_clone(low->right)); @@ -1037,6 +1041,10 @@ void interval_map_decompose(struct expr *set) tmp->timeout = low->timeout; if (low->expiration) tmp->expiration = low->expiration; + if (low->stmt) { + tmp->stmt = low->stmt; + low->stmt = NULL; + } } compound_expr_add(set, tmp); @@ -1059,6 +1067,10 @@ void interval_map_decompose(struct expr *set) prefix->timeout = low->left->timeout; if (low->left->expiration) prefix->expiration = low->left->expiration; + if (low->left->stmt) { + prefix->stmt = low->left->stmt; + low->left->stmt = NULL; + } prefix = mapping_expr_alloc(&low->location, prefix, expr_clone(low->right)); @@ -1069,6 +1081,10 @@ void interval_map_decompose(struct expr *set) prefix->timeout = low->timeout; if (low->expiration) prefix->expiration = low->expiration; + if (low->stmt) { + prefix->stmt = low->stmt; + low->stmt = NULL; + } } compound_expr_add(set, prefix); diff --git a/tests/shell/testcases/sets/0051set_interval_counter_0 b/tests/shell/testcases/sets/0051set_interval_counter_0 new file mode 100755 index 00000000..ea90e264 --- /dev/null +++ b/tests/shell/testcases/sets/0051set_interval_counter_0 @@ -0,0 +1,19 @@ +#!/bin/bash + +set -e + +EXPECTED="table ip x { + set s { + type ipv4_addr + flags interval + counter + elements = { 192.168.2.0/24 } + } + + chain y { + type filter hook output priority filter; policy accept; + ip daddr @s + } +}" + +$NFT -f - <<< "$EXPECTED" diff --git a/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft new file mode 100644 index 00000000..fd488a76 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft @@ -0,0 +1,13 @@ +table ip x { + set s { + type ipv4_addr + flags interval + counter + elements = { 192.168.2.0/24 counter packets 0 bytes 0 } + } + + chain y { + type filter hook output priority filter; policy accept; + ip daddr @s + } +} |