authorAnders K. Pedersen <>2017-10-04 14:27:45 +0000
committerPablo Neira Ayuso <>2017-10-06 14:57:47 +0200
commit22d2010109193e6ee201d7cd4e8aaf5cda4539a0 (patch)
treedd2ea386adcc05022d7cc5d847225c66106d40e4 /src
parent68508628c497be54e935f28fe5b28e87d6d17368 (diff)
netlink_linearize: skip set element expression in set statement key
Before this patch the following fails: # nft add rule ip6 filter x \ set add ip6 saddr . ip6 daddr @test nft: netlink_linearize.c:648: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed. Aborted This is was previously fixed for flow statements in fbea4a6f4449 ("netlink_linearize: skip set element expression in flow table key"), and this patch implements the same change for set statements by using the set element key in netlink_gen_set_stmt(). is updated to support set types with concatenated data types in order to support testing of this. Signed-off-by: Anders K. Pedersen <> Signed-off-by: Pablo Neira Ayuso <>
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 1712cba2..fb2d2501 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1208,9 +1208,9 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
struct nftnl_expr *nle;
enum nft_registers sreg_key;
- sreg_key = get_register(ctx, stmt->set.key);
- netlink_gen_expr(ctx, stmt->set.key, sreg_key);
- release_register(ctx, stmt->set.key);
+ sreg_key = get_register(ctx, stmt->set.key->key);
+ netlink_gen_expr(ctx, stmt->set.key->key, sreg_key);
+ release_register(ctx, stmt->set.key->key);
nle = alloc_nft_expr("dynset");
netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key);