From 7ab453a033c9afda1d3f339263e482d6ab1f664f Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 17 Nov 2021 14:26:21 +0100 Subject: monitor: do not call interval_map_decompose() for concat intervals Without this, nft monitor will either print garbage or even segfault when encountering a concat set because we pass expr->value to libgmp helpers for concat (non-value) expressions. Also, for concat case, we need to call concat_range_aggregate() helper. Add a test case for this. Without this patch, it gives: tests/monitor/run-tests.sh: line 98: 1163 Segmentation fault (core dumped) $nft -nn -e -f $command_file > $echo_output Signed-off-by: Florian Westphal
---
 src/monitor.c | 7 ++++++-
 tests/monitor/testcases/set-interval.t | 5 +++++
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/monitor.c b/src/monitor.c
index 8ecb7d19..7fa92ebf 100644
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -533,8 +533,13 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
 
 static void rule_map_decompose_cb(struct set *s, void *data)
 {
- if (set_is_interval(s->flags) && set_is_anonymous(s->flags))
+ if (!set_is_anonymous(s->flags))
+ return;
+
+ if (set_is_non_concat_range(s))
 interval_map_decompose(s->init);
+ else if (set_is_interval(s->flags))
+ concat_range_aggregate(s->init);
 }
 
 static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,
diff --git a/tests/monitor/testcases/set-interval.t b/tests/monitor/testcases/set-interval.t
index 1fbcfe22..b0649cdf 100644
--- a/tests/monitor/testcases/set-interval.t
+++ b/tests/monitor/testcases/set-interval.t
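Review bot: The reason the two branches in rule_map_decompose_cb must stay separate is recorded only in the commit message, so the `if (set_is_non_concat_range(s))` test deserves a comment such as `/* interval_map_decompose() hands expr->value to libgmp; concat elements are not value expressions and need concat_range_aggregate() */`. Without it, a later cleanup could fold the `else if (set_is_interval(s->flags))` arm back into one call and reintroduce the wrong-typed read that printed garbage or crashed the monitor. The callback appears to run on rule events decoded from netlink, so the set contents it sees are whatever ruleset another process loaded, which is a good reason to keep the type check explicit. Any other interval_map_decompose() call in monitor.c lies outside this hunk and is not visible here; it would be worth confirming that each one applies the same non-concat guard.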
@@ -23,3 +23,8 @@ J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "ex
 I add rule ip t c tcp dport { 20, 30-40 }
 O -
 J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [20, {"range": [30, 40]}]}}}]}}}
+
+# ... and anon concat range
+I add rule ip t c ether saddr . ip saddr { 08:00:27:40:f7:09 . 192.168.56.10-192.168.56.12 }
+O -
+{"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ether", "field": "saddr"}}, {"payload": {"protocol": "ip", "field": "saddr"}}]}, "right": {"set": [{"concat": ["08:00:27:40:f7:09", {"range": ["192.168.56.10", "192.168.56.12"]}]}]}}}]}}}
-- cgit v1.2.3
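Review bot: The JSON expectation added for the anonymous concat range starts directly with `{"add": ...`, while the existing JSON expectation in the context line just above it starts with `J `. If the test runner dispatches on that leading field, as the `I`/`O`/`J` layout of this file suggests, the new line is presumably skipped and the JSON echo output for the concat case is never compared. Prefixing it the same way, `J {"add": {"rule": ...}}`, would make the regression test cover the JSON path as well as the plain-text one.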