From cd54a9bb2da0686ad3684741f3b8f6696639013f Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 17 Mar 2021 00:44:09 +0100
Subject: segtree: release single element already contained in an interval

Before this patch:

 table ip x {
        chain y {
                ip saddr { 1.1.1.1-1.1.1.2, 1.1.1.1 }
        }
 }

results in:

 table ip x {
        chain y {
                ip saddr { 1.1.1.1 }
        }
 }

due to incorrect interval merge logic.

If the element 1.1.1.1 is already contained in an existing interval
1.1.1.1-1.1.1.2, release it.

Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1512
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/sets/0061anonymous_automerge_0          | 11 +++++++++++
 .../shell/testcases/sets/dumps/0061anonymous_automerge_0.nft  |  5 +++++
 2 files changed, 16 insertions(+)
 create mode 100755 tests/shell/testcases/sets/0061anonymous_automerge_0
 create mode 100644 tests/shell/testcases/sets/dumps/0061anonymous_automerge_0.nft

(limited to 'tests/shell/testcases/sets')

diff --git a/tests/shell/testcases/sets/0061anonymous_automerge_0 b/tests/shell/testcases/sets/0061anonymous_automerge_0
new file mode 100755
index 00000000..2dfb800e
--- /dev/null
+++ b/tests/shell/testcases/sets/0061anonymous_automerge_0
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip x {
+	chain y {
+		ip saddr { 1.1.1.1-1.1.1.2, 1.1.1.1 }
+	}
+}"
+
+$NFT -f - <<< $RULESET
diff --git a/tests/shell/testcases/sets/dumps/0061anonymous_automerge_0.nft b/tests/shell/testcases/sets/dumps/0061anonymous_automerge_0.nft
new file mode 100644
index 00000000..04361f4c
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0061anonymous_automerge_0.nft
@@ -0,0 +1,5 @@
+table ip x {
+	chain y {
+		ip saddr { 1.1.1.1-1.1.1.2 }
+	}
+}
-- 
cgit v1.2.3