From 508f3a27053169970211fc9a3f4ba973288f8d78 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu, 8 Dec 2022 01:35:05 +0100
Subject: netlink: swap byteorder of value component in concatenation of
 intervals

Commit 1017d323cafa ("src: support for selectors with different byteorder with
interval concatenations") was incomplete.

Switch byteorder of singleton values in a set that contains
concatenation of intervals. This singleton value is actually represented
as a range in the kernel.

After this patch, if the set represents a concatenation of intervals:

- EXPR_F_INTERVAL denotes the lhs of the interval.
- EXPR_F_INTERVAL_END denotes the rhs of the interval (this flag was
  already used in this way before this patch).

If none of these flags are set on, then the set contains concatenations
of singleton values (no interval flag is set on), in such case, no
byteorder swap is required.

Update tests/shell and tests/py to cover the use-case breakage reported
by Eric.

Fixes: 1017d323cafa ("src: support for selectors with different byteorder with interval concatenations")
Reported-by: Eric Garver <eric@garver.life>
Tested-by: Eric Garver <eric@garver.life>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/sets/concat_interval_0           | 6 ++++++
 tests/shell/testcases/sets/dumps/concat_interval_0.nft | 7 +++++++
 2 files changed, 13 insertions(+)

(limited to 'tests/shell/testcases/sets')

diff --git a/tests/shell/testcases/sets/concat_interval_0 b/tests/shell/testcases/sets/concat_interval_0
index 3812a94d..4d90af9a 100755
--- a/tests/shell/testcases/sets/concat_interval_0
+++ b/tests/shell/testcases/sets/concat_interval_0
@@ -9,6 +9,12 @@ RULESET="table ip t {
 		counter
 		elements = { 1.0.0.1 . udp . 53 }
 	}
+	set s2 {
+		type ipv4_addr . mark
+		flags interval
+		elements = { 10.10.10.10 . 0x00000100,
+			     20.20.20.20 . 0x00000200 }
+	}
 }"
 
 $NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/dumps/concat_interval_0.nft b/tests/shell/testcases/sets/dumps/concat_interval_0.nft
index 875ec1d5..61547c5e 100644
--- a/tests/shell/testcases/sets/dumps/concat_interval_0.nft
+++ b/tests/shell/testcases/sets/dumps/concat_interval_0.nft
@@ -4,4 +4,11 @@ table ip t {
 		flags interval
 		counter
 	}
+
+	set s2 {
+		type ipv4_addr . mark
+		flags interval
+		elements = { 10.10.10.10 . 0x00000100,
+			     20.20.20.20 . 0x00000200 }
+	}
 }
-- 
cgit v1.2.3