From 22d2010109193e6ee201d7cd4e8aaf5cda4539a0 Mon Sep 17 00:00:00 2001
From: "Anders K. Pedersen" <akp@cohaesio.com>
Date: Wed, 4 Oct 2017 14:27:45 +0000
Subject: netlink_linearize: skip set element expression in set statement key

Before this patch the following fails:

# nft add rule ip6 filter x \
	set add ip6 saddr . ip6 daddr @test
nft: netlink_linearize.c:648: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
Aborted

This is was previously fixed for flow statements in fbea4a6f4449
("netlink_linearize: skip set element expression in flow table key"), and
this patch implements the same change for set statements by using the set
element key in netlink_gen_set_stmt().

nft-test.py is updated to support set types with concatenated data types
in order to support testing of this.

Signed-off-by: Anders K. Pedersen <akp@cohaesio.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/py/ip6/sets.t.payload.ip6 | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'tests/py/ip6/sets.t.payload.ip6')

diff --git a/tests/py/ip6/sets.t.payload.ip6 b/tests/py/ip6/sets.t.payload.ip6
index 0fab365a..f55da6ec 100644
--- a/tests/py/ip6/sets.t.payload.ip6
+++ b/tests/py/ip6/sets.t.payload.ip6
@@ -10,3 +10,16 @@ ip6 test-ip6 input
   [ lookup reg 1 set set2 0x1 ]
   [ immediate reg 0 drop ]
 
+# ip6 saddr . ip6 daddr @set5 drop
+ip6 test-ip6 input
+  [ payload load 16b @ network header + 8 => reg 1 ]
+  [ payload load 16b @ network header + 24 => reg 2 ]
+  [ lookup reg 1 set set5 ]
+  [ immediate reg 0 drop ]
+
+# set add ip6 saddr . ip6 daddr @set5
+ip6 test-ip6 input
+  [ payload load 16b @ network header + 8 => reg 1 ]
+  [ payload load 16b @ network header + 24 => reg 2 ]
+  [ dynset add reg_key 1 set set5 ]
+
-- 
cgit v1.2.3