diff options
author | Anders K. Pedersen <akp@cohaesio.com> | 2017-10-04 14:27:45 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-10-06 14:57:47 +0200 |
commit | 22d2010109193e6ee201d7cd4e8aaf5cda4539a0 (patch) | |
tree | dd2ea386adcc05022d7cc5d847225c66106d40e4 /src | |
parent | 68508628c497be54e935f28fe5b28e87d6d17368 (diff) |
netlink_linearize: skip set element expression in set statement key
Before this patch the following fails:
# nft add rule ip6 filter x \
set add ip6 saddr . ip6 daddr @test
nft: netlink_linearize.c:648: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
Aborted
This is was previously fixed for flow statements in fbea4a6f4449
("netlink_linearize: skip set element expression in flow table key"), and
this patch implements the same change for set statements by using the set
element key in netlink_gen_set_stmt().
nft-test.py is updated to support set types with concatenated data types
in order to support testing of this.
Signed-off-by: Anders K. Pedersen <akp@cohaesio.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/netlink_linearize.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 1712cba2..fb2d2501 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -1208,9 +1208,9 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, struct nftnl_expr *nle; enum nft_registers sreg_key; - sreg_key = get_register(ctx, stmt->set.key); - netlink_gen_expr(ctx, stmt->set.key, sreg_key); - release_register(ctx, stmt->set.key); + sreg_key = get_register(ctx, stmt->set.key->key); + netlink_gen_expr(ctx, stmt->set.key->key, sreg_key); + release_register(ctx, stmt->set.key->key); nle = alloc_nft_expr("dynset"); netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key); |