author | Florian Westphal <fw@strlen.de> | 2020-04-01 16:02:16 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2020-04-01 16:43:29 +0200 |
commit | 4ff24ab735c80136c9ce2cca4c3b95065369081d (patch) | |
tree | e515ca79a054df141a07ef973dcd99a091519c7c | |
parent | aa2ddbfbee904445b3593082455056ba3fed321c (diff) |
concat: provide proper dtype when parsing typeof udata
Pablo reports following list bug:
table ip foo {
map whitelist {
typeof ip saddr . ip daddr : meta mark
elements = { 0x0 [invalid type] . 0x0 [invalid type] : 0x00000001,
0x0 [invalid type] . 0x0 [invalid type] : 0x00000002 }
}
}
Problem is that concat provided 'invalid' dtype.
Reported-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | src/expression.c | 12 | ||||
-rw-r--r-- | tests/shell/testcases/maps/dumps/typeof_maps_0.nft | 7 | ||||
-rwxr-xr-x | tests/shell/testcases/maps/typeof_maps_0 | 7 |
3 files changed, 21 insertions, 5 deletions
diff --git a/src/expression.c b/src/expression.c
index 863cf86e..6605beb3 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -906,8 +906,9 @@ static int concat_parse_udata_nested(const struct nftnl_udata *attr, void *data) static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr) { const struct nftnl_udata *ud[NFTNL_UDATA_SET_KEY_CONCAT_NEST_MAX] = {}; + const struct datatype *dtype; struct expr *concat_expr; - struct datatype *dtype; + uint32_t dt = 0; unsigned int i; int err;
@@ -920,8 +921,6 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr) if (!concat_expr) return NULL; - dtype = xzalloc(sizeof(*dtype)); - for (i = 0; i < array_size(ud); i++) { const struct nftnl_udata *nest_ud[NFTNL_UDATA_SET_KEY_CONCAT_SUB_MAX]; const struct nftnl_udata *nested, *subdata;
@@ -948,11 +947,14 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr) if (!expr) goto err_free; - dtype->subtypes++; + dt = concat_subtype_add(dt, expr->dtype->type); compound_expr_add(concat_expr, expr); - dtype->size += round_up(expr->len, BITS_PER_BYTE * sizeof(uint32_t)); } + dtype = concat_type_alloc(dt); + if (!dtype) + goto err_free; + concat_expr->dtype = dtype; concat_expr->len = dtype->size;
diff --git a/tests/shell/testcases/maps/dumps/typeof_maps_0.nft b/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
index 4361ca3d..faa73cd1 100644
--- a/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
+++ b/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
@@ -9,8 +9,15 @@ table inet t { elements = { 1 : 0x00000001, 4095 : 0x00004095 } } + map m3 { + typeof ip saddr . ip daddr : meta mark + elements = { 1.2.3.4 . 5.6.7.8 : 0x00000001, + 2.3.4.5 . 6.7.8.9 : 0x00000002 } + } + chain c { ct mark set osf name map @m1 meta mark set vlan id map @m2 + meta mark set ip saddr . ip daddr map @m3 } }
diff --git a/tests/shell/testcases/maps/typeof_maps_0 b/tests/shell/testcases/maps/typeof_maps_0
index 950bbf1c..e1c4bba9 100755
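Review bot: In the last src/expression.c hunk, `concat_expr->len` is now taken from `dtype->size` instead of being summed from each parsed sub-expression's `expr->len`, so the two can disagree. `concat_type_alloc()` is not shown here; if it derives the size from each base datatype's fixed size, a component whose datatype has no fixed size, or whose field is narrower than its type, would give the concatenation a wrong length when the set is listed. I would keep a running length next to `dt`, e.g. `len += round_up(expr->len, BITS_PER_BYTE * sizeof(uint32_t));` inside the loop and `concat_expr->len = len;` after it. Separately, `dt` is a `uint32_t` that gains one subtype per loop iteration with no visible cap tied to its width, and this udata appears to be read back from stored set data rather than built locally, so it is worth confirming that an over-long nest is rejected rather than silently truncated. The body of concat_expr_parse_udata starts and ends outside these hunks.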
--- a/tests/shell/testcases/maps/typeof_maps_0
+++ b/tests/shell/testcases/maps/typeof_maps_0
@@ -16,9 +16,16 @@ EXPECTED="table inet t { 4095 : 0x4095 } } + map m3 { + typeof ip saddr . ip daddr : meta mark + elements = { 1.2.3.4 . 5.6.7.8 : 0x00000001, + 2.3.4.5 . 6.7.8.9 : 0x00000002 } + } + chain c { ct mark set osf name map @m1 ether type vlan meta mark set vlan id map @m2 + meta mark set ip saddr . ip daddr map @m3 } }" |
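Review bot: The new `m3` case only concatenates `ip saddr` and `ip daddr`, two fields of the same fixed-size address type, so it would still pass if the udata parser mishandled a component whose length differs from its datatype's size. Consider a second concat map that mixes in a field of a different kind, such as the `vlan id` key that `m2` appears to use, provided the ruleset accepts that combination, and mirror it in the dump file. The EXPECTED string starts and ends outside this hunk.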