From 57f092a87fc4bc61e29cff31dfff976e1f2005ab Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 5 Nov 2023 18:33:14 +0100 Subject: evaluate: reset statement length context only for set mappings map expression (which is used a key to look up for the mapping) needs to consider the statement length context, otherwise incorrect bytecode is generated when {ct,meta} statement is generated. # nft -f - < reg 1 ] [ bitwise reg 1 = ( reg 1 & 0x0000c00f ) ^ 0x00000000 ] ... missing byteorder conversion here before shift ... [ bitwise reg 1 = ( reg 1 >> 0x00000006 ) ] [ lookup reg 1 set mapv6 dreg 1 ] [ meta set mark with reg 1 ] Reset statement length context only for the mapping side for the elements in the set. Fixes: edecd58755a8 ("evaluate: support shifts larger than the width of the left operand") Reported-by: Brian Davidson Signed-off-by: Pablo Neira Ayuso --- tests/py/ip6/ip6.t.json | 58 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) (limited to 'tests/py/ip6/ip6.t.json') diff --git a/tests/py/ip6/ip6.t.json b/tests/py/ip6/ip6.t.json index cf802175..5411190d 100644 --- a/tests/py/ip6/ip6.t.json +++ b/tests/py/ip6/ip6.t.json @@ -135,6 +135,64 @@ } ] +# meta mark set ip6 dscp map @map1 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": "@map1", + "key": { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + } + } + } + } + } +] + +# meta mark set ip6 dscp . ip6 daddr map @map2 +[ + { + "mangle": { + "key": { + "meta": { + "key": "mark" + } + }, + "value": { + "map": { + "data": "@map2", + "key": { + "concat": [ + { + "payload": { + "field": "dscp", + "protocol": "ip6" + } + }, + { + "payload": { + "field": "daddr", + "protocol": "ip6" + } + } + ] + } + } + } + } + } +] + # ip6 flowlabel 22 [ { -- cgit v1.2.3