authorFlorian Westphal <fw@strlen.de>2020-04-01 16:02:16 +0200
committerFlorian Westphal <fw@strlen.de>2020-04-01 16:43:29 +0200
commit4ff24ab735c80136c9ce2cca4c3b95065369081d (patch)
treee515ca79a054df141a07ef973dcd99a091519c7c
parentaa2ddbfbee904445b3593082455056ba3fed321c (diff)
concat: provide proper dtype when parsing typeof udata
Pablo reports following list bug: table ip foo { map whitelist { typeof ip saddr . ip daddr : meta mark elements = { 0x0 [invalid type] . 0x0 [invalid type] : 0x00000001, 0x0 [invalid type] . 0x0 [invalid type] : 0x00000002 } } } Problem is that concat provided 'invalid' dtype. Reported-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r--src/expression.c12
-rw-r--r--tests/shell/testcases/maps/dumps/typeof_maps_0.nft7
-rwxr-xr-xtests/shell/testcases/maps/typeof_maps_07
3 files changed, 21 insertions, 5 deletions
diff --git a/src/expression.c b/src/expression.c
index 863cf86e..6605beb3 100644
--- a/src/expression.c
+++ b/src/expression.c
@@ -906,8 +906,9 @@ static int concat_parse_udata_nested(const struct nftnl_udata *attr, void *data)
static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
{
const struct nftnl_udata *ud[NFTNL_UDATA_SET_KEY_CONCAT_NEST_MAX] = {};
+ const struct datatype *dtype;
struct expr *concat_expr;
- struct datatype *dtype;
+ uint32_t dt = 0;
unsigned int i;
int err;
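Review bot: `dt` is a single `uint32_t`, but the loop that fills it runs over all `array_size(ud)` slots, i.e. up to `NFTNL_UDATA_SET_KEY_CONCAT_NEST_MAX` fields, so the number of subtype ids it can hold needs an explicit bound. If `concat_subtype_add()` packs each id into a fixed-width bit field (its definition is not in this diff), a udata blob with more nested fields than fit would shift the earliest ids out, and the resulting dtype would describe fewer fields than `concat_expr` holds. The udata is read back from the kernel and was written by whoever created the set, so it is worth treating as untrusted here. I would count the fields added and `goto err_free` once the count exceeds what `dt` can encode. The function body continues outside this hunk.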
@@ -920,8 +921,6 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
if (!concat_expr)
return NULL;
- dtype = xzalloc(sizeof(*dtype));
-
for (i = 0; i < array_size(ud); i++) {
const struct nftnl_udata *nest_ud[NFTNL_UDATA_SET_KEY_CONCAT_SUB_MAX];
const struct nftnl_udata *nested, *subdata;
@@ -948,11 +947,14 @@ static struct expr *concat_expr_parse_udata(const struct nftnl_udata *attr)
if (!expr)
goto err_free;
- dtype->subtypes++;
+ dt = concat_subtype_add(dt, expr->dtype->type);
compound_expr_add(concat_expr, expr);
- dtype->size += round_up(expr->len, BITS_PER_BYTE * sizeof(uint32_t));
}
+ dtype = concat_type_alloc(dt);
+ if (!dtype)
+ goto err_free;
+
concat_expr->dtype = dtype;
concat_expr->len = dtype->size;
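Review bot: `concat_expr->len = dtype->size` now takes the length from the base datatypes, whereas the removed line summed `round_up(expr->len, BITS_PER_BYTE * sizeof(uint32_t))` over the parsed sub-expressions. The two can disagree when a field's expression length is not the size of its datatype, which looks possible for typeof keys built on integer-typed fields. Keeping the accumulation next to the new dtype would preserve the old length: `len += round_up(expr->len, BITS_PER_BYTE * sizeof(uint32_t));` in the loop and `concat_expr->len = len;` after `concat_type_alloc()`, with `unsigned int len = 0;` declared at the top. A short comment at the `if (!dtype)` check saying which inputs it is expected to reject (presumably unknown or invalid subtype ids from the udata) would also help. The loop header and the `err_free` label lie outside this hunk.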
diff --git a/tests/shell/testcases/maps/dumps/typeof_maps_0.nft b/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
index 4361ca3d..faa73cd1 100644
--- a/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
+++ b/tests/shell/testcases/maps/dumps/typeof_maps_0.nft
@@ -9,8 +9,15 @@ table inet t {
elements = { 1 : 0x00000001, 4095 : 0x00004095 }
}
+ map m3 {
+ typeof ip saddr . ip daddr : meta mark
+ elements = { 1.2.3.4 . 5.6.7.8 : 0x00000001,
+ 2.3.4.5 . 6.7.8.9 : 0x00000002 }
+ }
+
chain c {
ct mark set osf name map @m1
meta mark set vlan id map @m2
+ meta mark set ip saddr . ip daddr map @m3
}
}
diff --git a/tests/shell/testcases/maps/typeof_maps_0 b/tests/shell/testcases/maps/typeof_maps_0
index 950bbf1c..e1c4bba9 100755
--- a/tests/shell/testcases/maps/typeof_maps_0
+++ b/tests/shell/testcases/maps/typeof_maps_0
@@ -16,9 +16,16 @@ EXPECTED="table inet t {
4095 : 0x4095 }
}
+ map m3 {
+ typeof ip saddr . ip daddr : meta mark
+ elements = { 1.2.3.4 . 5.6.7.8 : 0x00000001,
+ 2.3.4.5 . 6.7.8.9 : 0x00000002 }
+ }
+
chain c {
ct mark set osf name map @m1
ether type vlan meta mark set vlan id map @m2
+ meta mark set ip saddr . ip daddr map @m3
}
}"
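Review bot: The added `m3` case only covers a concatenation of two IPv4 address fields of identical width, so it would not catch a wrong per-field length or a swapped field order in the reconstructed concat dtype. A second map whose key mixes fields of different sizes, for example one that includes `vlan id` as already used by `m2`, would cover that path. The `EXPECTED` string starts before this hunk.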