From 741a06ac15d2bd903b33e5032f5f6fcd54bebc4e Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Thu, 3 Sep 2020 12:33:21 +0200 Subject: mergesort: find base value expression type via recursion Sets that store flags might contain a mixture of values and binary operations. Find the base value type via recursion to compare the expressions. Make sure concatenations are listed in a deterministic way via concat_expr_msort_value() which builds a mpz value with the tuple. Adjust a few tests after this update since listing differs after this update. Fixes: 14ee0a979b62 ("src: sort set elements in netlink_get_setelems()") Fixes: 3926a3369bb5 ("mergesort: unbreak listing with binops") Signed-off-by: Pablo Neira Ayuso --- .../nft-f/dumps/0012different_defines_0.nft | 2 +- tests/shell/testcases/sets/0055tcpflags_0 | 27 ++++++++++++++++++++++ .../sets/dumps/0037_set_with_inet_service_0.nft | 8 +++---- .../shell/testcases/sets/dumps/0055tcpflags_0.nft | 10 ++++++++ 4 files changed, 42 insertions(+), 5 deletions(-) create mode 100755 tests/shell/testcases/sets/0055tcpflags_0 create mode 100644 tests/shell/testcases/sets/dumps/0055tcpflags_0.nft (limited to 'tests') diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft index 7abced86..28094387 100644 --- a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft +++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft @@ -8,7 +8,7 @@ table inet t { ip6 daddr fe0::1 ip6 saddr fe0::2 ip saddr vmap { 10.0.0.0 : drop, 10.0.0.2 : accept } ip6 daddr vmap { fe0::1 : drop, fe0::2 : accept } - ip6 saddr . ip6 nexthdr { fe0::1 . udp, fe0::2 . tcp } + ip6 saddr . ip6 nexthdr { fe0::2 . tcp, fe0::1 . udp } ip daddr . iif vmap { 10.0.0.0 . "lo" : accept } tcp dport 100-222 udp dport vmap { 100-222 : accept } diff --git a/tests/shell/testcases/sets/0055tcpflags_0 b/tests/shell/testcases/sets/0055tcpflags_0 new file mode 100755 index 00000000..a2b24eb2 --- /dev/null +++ b/tests/shell/testcases/sets/0055tcpflags_0 @@ -0,0 +1,27 @@ +#!/bin/bash + +EXPECTED="add table ip test + +add set ip test tcp_good_flags { type tcp_flag ; flags constant ; elements = { + ( 0 | 0 | 0 |ack| 0 | 0 ), \ + ( 0 | 0 | 0 |ack| 0 |urg), \ + ( 0 | 0 | 0 |ack|psh| 0 ), \ + ( 0 | 0 | 0 |ack|psh|urg), \ + ( 0 | 0 |rst| 0 | 0 | 0 ), \ + ( 0 | 0 |rst|ack| 0 | 0 ), \ + ( 0 | 0 |rst|ack| 0 |urg), \ + ( 0 | 0 |rst|ack|psh| 0 ), \ + ( 0 | 0 |rst|ack|psh|urg), \ + ( 0 |syn| 0 | 0 | 0 | 0 ), \ + ( 0 |syn| 0 |ack| 0 | 0 ), \ + ( 0 |syn| 0 |ack| 0 |urg), \ + ( 0 |syn| 0 |ack|psh| 0 ), \ + ( 0 |syn| 0 |ack|psh|urg), \ + (fin| 0 | 0 |ack| 0 | 0 ), \ + (fin| 0 | 0 |ack| 0 |urg), \ + (fin| 0 | 0 |ack|psh| 0 ), \ + (fin| 0 | 0 |ack|psh|urg) \ +} ; }" + +set -e +$NFT -f - <<< $EXPECTED diff --git a/tests/shell/testcases/sets/dumps/0037_set_with_inet_service_0.nft b/tests/shell/testcases/sets/dumps/0037_set_with_inet_service_0.nft index 0e85f7c2..68b1f7be 100644 --- a/tests/shell/testcases/sets/dumps/0037_set_with_inet_service_0.nft +++ b/tests/shell/testcases/sets/dumps/0037_set_with_inet_service_0.nft @@ -1,11 +1,11 @@ table inet filter { set myset { type ipv4_addr . inet_proto . inet_service - elements = { 192.168.0.12 . tcp . 53, - 192.168.0.12 . tcp . 80, + elements = { 192.168.0.113 . tcp . 22, + 192.168.0.12 . tcp . 53, 192.168.0.12 . udp . 53, - 192.168.0.13 . tcp . 80, - 192.168.0.113 . tcp . 22 } + 192.168.0.12 . tcp . 80, + 192.168.0.13 . tcp . 80 } } chain forward { diff --git a/tests/shell/testcases/sets/dumps/0055tcpflags_0.nft b/tests/shell/testcases/sets/dumps/0055tcpflags_0.nft new file mode 100644 index 00000000..ffed5426 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0055tcpflags_0.nft @@ -0,0 +1,10 @@ +table ip test { + set tcp_good_flags { + type tcp_flag + flags constant + elements = { fin | psh | ack | urg, fin | psh | ack, fin | ack | urg, fin | ack, syn | psh | ack | urg, + syn | psh | ack, syn | ack | urg, syn | ack, syn, rst | psh | ack | urg, + rst | psh | ack, rst | ack | urg, rst | ack, rst, psh | ack | urg, + psh | ack, ack | urg, ack } + } +} -- cgit v1.2.3