diff options
| author | Phil Sutter <phil@nwl.cc> | 2020-01-13 14:53:24 +0100 |
|---|---|---|
| committer | Phil Sutter <phil@nwl.cc> | 2020-01-13 16:55:37 +0100 |
| commit | ddbacd70d061eb1b6808f501969809bfb5d03001 (patch) | |
| tree | bab9f7925906890439edf1bc8329b429d7080954 | |
| parent | eb5034108cdc60341b2d61599077db935b6bbc4f (diff) | |
monitor: Fix output for ranges in anonymous sets
Previous fix for named interval sets was simply wrong: Instead of
limiting decomposing to anonymous interval sets, it effectively disabled
it entirely.
Since code needs to check for both interval and anonymous bits
separately, introduce set_is_interval() helper to keep the code
readable.
Also extend test case to assert ranges in anonymous sets are correctly
printed by echo or monitor modes. Without this fix, range boundaries are
printed as individual set elements.
Fixes: 5d57fa3e99bb9 ("monitor: Do not decompose non-anonymous sets")
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
| -rw-r--r-- | include/rule.h | 5 | ||||
| -rw-r--r-- | src/monitor.c | 2 | ||||
| -rw-r--r-- | tests/monitor/testcases/set-interval.t | 5 |
3 files changed, 11 insertions, 1 deletions
diff --git a/include/rule.h b/include/rule.h index 6301fe35..d5b31765 100644 --- a/include/rule.h +++ b/include/rule.h @@ -363,6 +363,11 @@ static inline bool set_is_meter(uint32_t set_flags) return set_is_anonymous(set_flags) && (set_flags & NFT_SET_EVAL); } +static inline bool set_is_interval(uint32_t set_flags) +{ + return set_flags & NFT_SET_INTERVAL; +} + #include <statement.h> struct counter { diff --git a/src/monitor.c b/src/monitor.c index 53a8bcd4..142cc929 100644 --- a/src/monitor.c +++ b/src/monitor.c @@ -501,7 +501,7 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type, static void rule_map_decompose_cb(struct set *s, void *data) { - if (s->flags & (NFT_SET_INTERVAL & NFT_SET_ANONYMOUS)) + if (set_is_interval(s->flags) && set_is_anonymous(s->flags)) interval_map_decompose(s->init); } diff --git a/tests/monitor/testcases/set-interval.t b/tests/monitor/testcases/set-interval.t index 59930c58..1fbcfe22 100644 --- a/tests/monitor/testcases/set-interval.t +++ b/tests/monitor/testcases/set-interval.t @@ -18,3 +18,8 @@ J {"add": {"element": {"family": "ip", "table": "t", "name": "s", "elem": {"set" I add rule ip t c tcp dport @s O - J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": "@s"}}]}}} + +# test anonymous interval sets as well +I add rule ip t c tcp dport { 20, 30-40 } +O - +J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [20, {"range": [30, 40]}]}}}]}}} |