diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-03-06 00:51:03 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2019-03-06 11:12:41 +0100 |
commit | b1436403417697b8647956ff91d40a5982aba477 (patch) | |
tree | 9f1d1a9eb61f752d0a4ce2f479cc07a72fc0828e /tests/shell/testcases/sets | |
parent | 2277a8cf318359885be67aad566c70f497551cca (diff) |
segtree: add missing non-matching segment to set in flat representation
# cat test.nft
add set x y { type ipv4_addr; }
add element x y { 10.0.24.0/24 }
# nft -f test.nft
# nft delete element x y { 10.0.24.0/24 }
bogusly returns -ENOENT. The non-matching segment (0.0.0.0 with end-flag
set on) is not added to the set in the example above.
This patch also adds a test to cover this case.
Fixes: 4935a0d561b5 ("segtree: special handling for the first non-matching segment")
Reported-by: Václav Zindulka <vaclav.zindulka@tlapnet.cz>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/sets')
-rwxr-xr-x | tests/shell/testcases/sets/0035add_set_elements_flat_0 | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/tests/shell/testcases/sets/0035add_set_elements_flat_0 b/tests/shell/testcases/sets/0035add_set_elements_flat_0 new file mode 100755 index 00000000..d914ba98 --- /dev/null +++ b/tests/shell/testcases/sets/0035add_set_elements_flat_0 @@ -0,0 +1,10 @@ +#!/bin/bash + +RULESET="add table ip x +add set x y {type ipv4_addr; flags interval;} +add element x y { 10.0.24.0/24 } +" + +set -e +$NFT -f - <<< "$RULESET" +$NFT delete element x y { 10.0.24.0/24 } |