author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-02-28 19:52:57 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-02-28 20:00:24 +0100 |
commit | be7f6099feb7b5d34715b06f9308877cdcdc404a (patch) | |
tree | ce8ef039d54e96869956478c94e92c7a81559e04 /lib/ipset.c | |
parent | c74a420471fd693f89e0b0e19f93c88af22fb7de (diff) |
Fix IPv6 sets nftables translation
The parser assumes the set is an IPv4 ipset because IPSET_OPT_FAMILY is
not set.
# ipset-translate restore < ./ipset-mwan3_set_connected_ipv6.dump
add table inet global
add set inet global mwan3_connected_v6 { type ipv6_addr; flags interval; }
flush set inet global mwan3_connected_v6
ipset v7.15: Error in line 4: Syntax error: '64' is out of range 0-32
Remove ipset_xlate_type_get(), call ipset_xlate_set_get() instead to
obtain the set type and family.
Reported-by: Florian Eckert <fe@dev.tdt.de>
Fixes: 325af556cd3a ("add ipset to nftables translation infrastructure")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'lib/ipset.c')
-rw-r--r-- | lib/ipset.c | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/lib/ipset.c b/lib/ipset.c
index 73e67db..50f86ae 100644
--- a/lib/ipset.c
+++ b/lib/ipset.c
@@ -949,18 +949,6 @@ ipset_xlate_set_get(struct ipset *ipset, const char *name)
 return NULL;
 }
 
-static const struct ipset_type *ipset_xlate_type_get(struct ipset *ipset,
- const char *name)
-{
- const struct ipset_xlate_set *set;
-
- set = ipset_xlate_set_get(ipset, name);
- if (!set)
- return NULL;
-
- return set->type;
-}
-
 static int
 ipset_parser(struct ipset *ipset, int oargc, char *oargv[])
 {
@@ -1282,8 +1270,16 @@ ipset_parser(struct ipset *ipset, int oargc, char *oargv[])
 if (!ipset->xlate) {
 type = ipset_type_get(session, cmd);
 } else {
- type = ipset_xlate_type_get(ipset, arg0);
- ipset_session_data_set(session, IPSET_OPT_TYPE, type);
+ const struct ipset_xlate_set *xlate_set;
+
+ xlate_set = ipset_xlate_set_get(ipset, arg0);
+ if (xlate_set) {
+ ipset_session_data_set(session, IPSET_OPT_TYPE,
+ xlate_set->type);
+ ipset_session_data_set(session, IPSET_OPT_FAMILY,
+ &xlate_set->family);
+ type = xlate_set->type;
+ }
 }
 if (type == NULL)
 return ipset->standard_error(ipset, p); |
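Review bot: In the second hunk, `type` is no longer assigned when `ipset_xlate_set_get()` returns NULL, whereas the removed `type = ipset_xlate_type_get(ipset, arg0);` always assigned it (NULL on a miss). The declaration of `type` is outside this hunk, so unless it is initialised to NULL there, the following `if (type == NULL)` reads an indeterminate pointer whenever the restore input names a set that was not created earlier in the same dump. Since that input is an externally supplied file, the miss path should be made explicit, for example by placing `type = NULL;` immediately before `xlate_set = ipset_xlate_set_get(ipset, arg0);`. The return values of the two `ipset_session_data_set()` calls are also ignored, so a failure to store IPSET_OPT_FAMILY would silently leave the IPv4 default this commit is meant to avoid. The body of ipset_parser() begins and continues outside the hunk.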