author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-12-06 18:48:29 +0100 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2023-12-08 19:33:28 +0100 |
commit | 8d3de823b622136e1d05a6fed11ff2dc0e804f8a (patch) | |
tree | dd000055fb4d59f77aebc15c9f640feedbc68102 /tests/py/nft-test.py | |
parent | 94fd162ea4d25fe6b0b4d58dcb7ff66dc55f3247 (diff) |
evaluate: reset statement length context before evaluating statement
This patch consolidates ctx->stmt_len reset in stmt_evaluate() to avoid
this problem. Note that stmt_evaluate_meta() and stmt_evaluate_ct()
already reset it after the statement evaluation.
Moreover, statement dependency can be generated while evaluating a meta
and ct statement. Payload statement dependency already manually stashes
this before calling stmt_evaluate(). Add a new stmt_dependency_evaluate()
function to stash statement length context when evaluating a new statement
dependency and use it for all of the existing statement dependencies.
Florian also says:
'meta mark set vlan id map { 1 : 0x00000001, 4095 : 0x00004095 }' will
crash. Reason is that the l2 dependency generated here is erroneously
expanded to a 32bit-one, so the evaluation path won't recognize this
as a L2 dependency. Therefore, pctx->stacked_ll_count is 0 and
__expr_evaluate_payload() crashes with a null deref when
dereferencing pctx->stacked_ll[0].
nft-test.py gains a fugly hack to tolerate '!map typeof vlan id : meta mark'.
For more generic support we should find something more acceptable, e.g.
!map typeof( everything here is a key or data ) timeout ...
tests/py update and assert(pctx->stacked_ll_count) by Florian Westphal.
Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/py/nft-test.py')
-rwxr-xr-x | tests/py/nft-test.py | 17 |
1 files changed, 13 insertions, 4 deletions
diff --git a/tests/py/nft-test.py b/tests/py/nft-test.py
index 9a25503d..a7d27c25 100755
--- a/tests/py/nft-test.py
+++ b/tests/py/nft-test.py
@@ -368,9 +368,9 @@ def set_add(s, test_result, filename, lineno):
 flags = "flags %s; " % flags
 if s.data == "":
- cmd = "add set %s %s { type %s;%s %s}" % (table, s.name, s.type, s.timeout, flags)
+ cmd = "add set %s %s { %s;%s %s}" % (table, s.name, s.type, s.timeout, flags)
 else:
- cmd = "add map %s %s { type %s : %s;%s %s}" % (table, s.name, s.type, s.data, s.timeout, flags)
+ cmd = "add map %s %s { %s : %s;%s %s}" % (table, s.name, s.type, s.data, s.timeout, flags)
 ret = execute_cmd(cmd, filename, lineno)
@@ -410,7 +410,7 @@ def map_add(s, test_result, filename, lineno):
 if flags != "":
 flags = "flags %s; " % flags
- cmd = "add map %s %s { type %s : %s;%s %s}" % (table, s.name, s.type, s.data, s.timeout, flags)
+ cmd = "add map %s %s { %s : %s;%s %s}" % (table, s.name, s.type, s.data, s.timeout, flags)
 ret = execute_cmd(cmd, filename, lineno)
@@ -1144,11 +1144,16 @@ def set_process(set_line, filename, lineno):
 tokens = set_line[0].split(" ")
 set_name = tokens[0]
- set_type = tokens[2]
+ parse_typeof = tokens[1] == "typeof"
+ set_type = tokens[1] + " " + tokens[2]
 set_data = ""
 set_flags = ""
 i = 3
+ if parse_typeof and tokens[i] == "id":
+ set_type += " " + tokens[i]
+ i += 1;
+ while len(tokens) > i and tokens[i] == ".":
 set_type += " . " + tokens[i+1]
 i += 2
@@ -1157,6 +1162,10 @@ def set_process(set_line, filename, lineno):
 set_data = tokens[i+1]
 i += 2
+ if parse_typeof and tokens[i] == "mark":
+ set_data += " " + tokens[i]
+ i += 1;
+ if len(tokens) == i+2 and tokens[i] == "timeout":
 timeout = "timeout " + tokens[i+1] + ";"
 i += 2 |
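Review bot: In set_add, both new format strings depend on `s.type` already carrying the `type` or `typeof` keyword, and nothing next to the `cmd =` lines says so; the `add map` string in the map_add hunk has the same unstated dependency. On this page only set_process is visibly changed to build the combined string, so a set object created elsewhere with a bare type would presumably yield a command that nft rejects. A one-line comment above each `cmd =` assignment would record the contract, for example `# s.type already includes the leading "type"/"typeof" keyword, see set_process()`. Both functions begin and end outside their hunks.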
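Review bot: The added `tokens[i] == "id"` test in set_process indexes `tokens` without checking its length, while the `while len(tokens) > i and tokens[i] == "."` line directly after it does check; the `tokens[i] == "mark"` test added in the following hunk has the same gap. A `typeof` line that ends at position `i` (for example right after a consumed `id`, if the code between the two hunks leaves `i` unchanged) would apparently raise IndexError and stop the harness instead of reporting a test failure. I would guard both, `if parse_typeof and len(tokens) > i and tokens[i] == "id":` and the same for `"mark"`, and drop the stray `;` after `i += 1`. set_process starts before and ends after both hunks.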