From a5674886b45c9b3489aef8cc7435dd85afa9494a Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Wed, 16 Jun 2021 13:49:08 +0200 Subject: evaluate: unbreak verdict maps with implicit map with interval concatenations Verdict maps in combination with interval concatenations are broken, e.g. # nft add rule x y tcp dport . ip saddr vmap { 1025-65535 . 192.168.10.2 : accept } Retrieve the concatenation field length and count from the map->map expressions that represents the key of the implicit map. Signed-off-by: Pablo Neira Ayuso --- tests/py/ip/ip.t.json | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 50 insertions(+) (limited to 'tests/py/ip/ip.t.json') diff --git a/tests/py/ip/ip.t.json b/tests/py/ip/ip.t.json index 32312b15..b1085035 100644 --- a/tests/py/ip/ip.t.json +++ b/tests/py/ip/ip.t.json @@ -1635,3 +1635,53 @@ } } ] + +# ip saddr . ip daddr vmap { 192.168.5.1-192.168.5.128 . 192.168.6.1-192.168.6.128 : accept } +[ + { + "vmap": { + "data": { + "set": [ + [ + { + "concat": [ + { + "range": [ + "192.168.5.1", + "192.168.5.128" + ] + }, + { + "range": [ + "192.168.6.1", + "192.168.6.128" + ] + } + ] + }, + { + "accept": null + } + ] + ] + }, + "key": { + "concat": [ + { + "payload": { + "field": "saddr", + "protocol": "ip" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip" + } + } + ] + } + } + } +] + -- cgit v1.2.3