diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-05 18:33:14 +0100 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-06 12:16:07 +0100 |
| commit | 57f092a87fc4bc61e29cff31dfff976e1f2005ab (patch) | |
| tree | 38fd37b1c6dda9e82800ad57757cf7ba7bf0499c /tests/py/ip6/ip6.t.payload.inet | |
| parent | d392ddf243dcbf8a34726c777d2c669b1e8bfa85 (diff) | |
evaluate: reset statement length context only for set mappings
map expression (which is used a key to look up for the mapping) needs to
consider the statement length context, otherwise incorrect bytecode is
generated when {ct,meta} statement is generated.
# nft -f - <<EOF
add table ip6 t
add chain ip6 t c
add map ip6 t mapv6 { typeof ip6 dscp : meta mark; }
EOF
# nft -d netlink add rule ip6 t c meta mark set ip6 dscp map @mapv6
ip6 t c
[ payload load 2b @ network header + 0 => reg 1 ]
[ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ]
... missing byteorder conversion here before shift ...
[ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ]
[ lookup reg 1 set mapv6 dreg 1 ]
[ meta set mark with reg 1 ]
Reset statement length context only for the mapping side for the
elements in the set.
Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand")
Reported-by: Brian Davidson <davidson.brian@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/py/ip6/ip6.t.payload.inet')
| -rw-r--r-- | tests/py/ip6/ip6.t.payload.inet | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/tests/py/ip6/ip6.t.payload.inet b/tests/py/ip6/ip6.t.payload.inet index 20dfe549..214a0ed9 100644 --- a/tests/py/ip6/ip6.t.payload.inet +++ b/tests/py/ip6/ip6.t.payload.inet @@ -53,6 +53,29 @@ ip6 test-ip6 input [ lookup reg 1 set __map%d dreg 0 ] [ counter pkts 0 bytes 0 ] +# meta mark set ip6 dscp map @map1 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ lookup reg 1 set map1 dreg 1 ] + [ meta set mark with reg 1 ] + +# meta mark set ip6 dscp . ip6 daddr map @map2 +inet test-inet input + [ meta load nfproto => reg 1 ] + [ cmp eq reg 1 0x0000000a ] + [ payload load 2b @ network header + 0 => reg 1 ] + [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] + [ byteorder reg 1 = ntoh(reg 1, 2, 2) ] + [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] + [ payload load 16b @ network header + 24 => reg 9 ] + [ lookup reg 1 set map2 dreg 1 ] + [ meta set mark with reg 1 ] + # ip6 flowlabel 22 inet test-inet input [ meta load nfproto => reg 1 ] |