diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-12-05 17:20:05 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-12-06 16:21:02 +0100 |
| commit | 0d9392eef5f2c79ac7c19f59754a0aee574b5617 (patch) | |
| tree | 9310d62e3b93bca0fb93753883fe310c1b62fcb9 | |
| parent | d85d0933519c9d0094d4468a7211333546bd8d47 (diff) | |
monitor: add support for concatenated set ranges
monitor is missing concatenated set ranges support.
Fixes: 8ac2f3b2fca3 ("src: Add support for concatenated set ranges")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | src/monitor.c | 11 | ||||
| -rw-r--r-- | tests/monitor/testcases/set-concat-interval.t | 12 |
2 files changed, 21 insertions, 2 deletions
diff --git a/src/monitor.c b/src/monitor.c index 82762a0f..2fc16d67 100644 --- a/src/monitor.c +++ b/src/monitor.c @@ -390,13 +390,19 @@ static bool netlink_event_range_cache(struct set *cached_set, /* don't cache half-open range elements */ elem = list_entry(dummyset->init->expressions.prev, struct expr, list); - if (!set_elem_is_open_interval(elem)) { + if (!set_elem_is_open_interval(elem) && + dummyset->desc.field_count <= 1) { cached_set->rg_cache = expr_clone(elem); return true; } out_decompose: - interval_map_decompose(dummyset->init); + if (dummyset->flags & NFT_SET_INTERVAL && + dummyset->desc.field_count > 1) + concat_range_aggregate(dummyset->init); + else + interval_map_decompose(dummyset->init); + return false; } @@ -437,6 +443,7 @@ static int netlink_events_setelem_cb(const struct nlmsghdr *nlh, int type, dummyset->data = expr_clone(set->data); dummyset->flags = set->flags; dummyset->init = set_expr_alloc(monh->loc, set); + dummyset->desc.field_count = set->desc.field_count; nlsei = nftnl_set_elems_iter_create(nls); if (nlsei == NULL) diff --git a/tests/monitor/testcases/set-concat-interval.t b/tests/monitor/testcases/set-concat-interval.t new file mode 100644 index 00000000..763dc319 --- /dev/null +++ b/tests/monitor/testcases/set-concat-interval.t @@ -0,0 +1,12 @@ +# setup first +I add table ip t +I add chain ip t c +O - +J {"add": {"table": {"family": "ip", "name": "t", "handle": 0}}} +J {"add": {"chain": {"family": "ip", "table": "t", "name": "c", "handle": 0}}} + +# add set with elements, monitor output expectedly differs +I add map ip t s { typeof udp length . @ih,32,32 : verdict; flags interval; elements = { 20-80 . 0x14 : accept, 1-10 . 0xa : drop }; } +O add map ip t s { typeof udp length . @ih,32,32 : verdict; flags interval; } +O add element ip t s { 20-80 . 0x14 : accept } +O add element ip t s { 1-10 . 0xa : drop } |