diff options
author | Anders K. Pedersen <akp@cohaesio.com> | 2017-10-04 14:27:45 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-10-06 14:57:47 +0200 |
commit | 22d2010109193e6ee201d7cd4e8aaf5cda4539a0 (patch) | |
tree | dd2ea386adcc05022d7cc5d847225c66106d40e4 /tests/py/ip/sets.t.payload.ip | |
parent | 68508628c497be54e935f28fe5b28e87d6d17368 (diff) |
netlink_linearize: skip set element expression in set statement key
Before this patch the following fails:
# nft add rule ip6 filter x \
set add ip6 saddr . ip6 daddr @test
nft: netlink_linearize.c:648: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
Aborted
This is was previously fixed for flow statements in fbea4a6f4449
("netlink_linearize: skip set element expression in flow table key"), and
this patch implements the same change for set statements by using the set
element key in netlink_gen_set_stmt().
nft-test.py is updated to support set types with concatenated data types
in order to support testing of this.
Signed-off-by: Anders K. Pedersen <akp@cohaesio.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip/sets.t.payload.ip')
-rw-r--r-- | tests/py/ip/sets.t.payload.ip | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/py/ip/sets.t.payload.ip b/tests/py/ip/sets.t.payload.ip index 891a1ee4..a7831745 100644 --- a/tests/py/ip/sets.t.payload.ip +++ b/tests/py/ip/sets.t.payload.ip @@ -22,6 +22,19 @@ ip test-ip4 input [ lookup reg 1 set set2 0x1 ] [ immediate reg 0 drop ] +# ip saddr . ip daddr @set5 drop +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ lookup reg 1 set set5 ] + [ immediate reg 0 drop ] + +# set add ip saddr . ip daddr @set5 +ip test-ip4 input + [ payload load 4b @ network header + 12 => reg 1 ] + [ payload load 4b @ network header + 16 => reg 9 ] + [ dynset add reg_key 1 set set5 ] + # ip saddr { { 1.1.1.0, 3.3.3.0 }, 2.2.2.0 } __set%d test-ip4 3 __set%d test-ip4 0 |