From d9957a5c57a11df8233ea4a7c91c579af511e4b6 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 11 Aug 2021 05:24:48 +0200 Subject: tcpopt: bogus assertion on undefined options # nft add rule x y tcp option 6 exists # nft list ruleset nft: tcpopt.c:208: tcpopt_init_raw: Assertion `expr->exthdr.desc != NULL' failed. Aborted Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1557 Signed-off-by: Pablo Neira Ayuso --- tests/py/any/tcpopt.t | 1 + tests/py/any/tcpopt.t.json | 17 +++++++++++++++++ tests/py/any/tcpopt.t.payload | 5 +++++ 3 files changed, 23 insertions(+) (limited to 'tests/py/any') diff --git a/tests/py/any/tcpopt.t b/tests/py/any/tcpopt.t index f17a20b5..bcc64eac 100644 --- a/tests/py/any/tcpopt.t +++ b/tests/py/any/tcpopt.t @@ -31,6 +31,7 @@ tcp option timestamp length 1;ok tcp option timestamp tsval 1;ok tcp option timestamp tsecr 1;ok tcp option 255 missing;ok +tcp option 6 exists;ok tcp option @255,8,8 255;ok tcp option foobar;fail diff --git a/tests/py/any/tcpopt.t.json b/tests/py/any/tcpopt.t.json index 139e97d8..a45b4c8b 100644 --- a/tests/py/any/tcpopt.t.json +++ b/tests/py/any/tcpopt.t.json @@ -414,6 +414,23 @@ } ] +# tcp option 6 exists +[ + { + "match": { + "left": { + "tcp option": { + "base": 6, + "len": 8, + "offset": 0 + } + }, + "op": "==", + "right": true + } + } +] + # tcp option 255 missing [ { diff --git a/tests/py/any/tcpopt.t.payload b/tests/py/any/tcpopt.t.payload index 1005df32..51f3a752 100644 --- a/tests/py/any/tcpopt.t.payload +++ b/tests/py/any/tcpopt.t.payload @@ -133,6 +133,11 @@ inet [ exthdr load tcpopt 1b @ 255 + 0 present => reg 1 ] [ cmp eq reg 1 0x00000000 ] +# tcp option 6 exists +inet + [ exthdr load tcpopt 1b @ 6 + 0 present => reg 1 ] + [ cmp eq reg 1 0x00000001 ] + # tcp option @255,8,8 255 inet [ exthdr load tcpopt 1b @ 255 + 1 => reg 1 ] -- cgit v1.2.3