diff options
author | Florian Westphal <fw@strlen.de> | 2018-03-27 09:29:54 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2018-03-27 11:36:58 +0200 |
commit | 483e5ea7167e1537accf4cb083b88a8beea8f834 (patch) | |
tree | 9828b350a3b59b8d201544a720359ce2663d4827 /src/netlink_linearize.c | |
parent | 65a9d639ddac244ff3abc9dfde30482ff4a4c336 (diff) |
src: avoid errouneous assert with map+concat
Phil reported following assert:
add rule ip6 f o mark set ip6 saddr . ip6 daddr . tcp dport \
map { dead::beef . f00::. 22 : 1 }
nft: netlink_linearize.c:655: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
This happens because "mark set" will allocate one register (the dreg),
but netlink_gen_concat_expr will populate a lot more register space if
the concat expression strings a lot of expressions together.
As the assert is useful pseudo-reserve the register space as per
concat->len and undo after generating the expressions.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'src/netlink_linearize.c')
-rw-r--r-- | src/netlink_linearize.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 1c06fc07..6c49969b 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -243,6 +243,7 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx, { struct nftnl_expr *nle; enum nft_registers sreg; + int regspace = 0; assert(expr->mappings->ops->type == EXPR_SET_REF); @@ -251,7 +252,14 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx, else sreg = dreg; + /* suppress assert in netlink_gen_expr */ + if (expr->map->ops->type == EXPR_CONCAT) { + regspace = netlink_register_space(expr->map->len); + ctx->reg_low += regspace; + } + netlink_gen_expr(ctx, expr->map, sreg); + ctx->reg_low -= regspace; nle = alloc_nft_expr("lookup"); netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg); |