From 818f7dded9c9e8a89a2de98801425536180ae307 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 1 Jun 2022 19:09:31 +0200
Subject: evaluate: reset ctx->set after set interval evaluation
Otherwise bogus error reports on set datatype mismatch might occur, such as: Error: datatype mismatch, expected Internet protocol, expression has type IPv4 address meta l4proto { tcp, udp } th dport 443 dnat to 10.0.0.1 ~~~~~~~~~~~~ ^^^^^^^^^^^^ with an unrelated set declaration. table ip test { set set_with_interval { type ipv4_addr flags interval } chain prerouting { type nat hook prerouting priority dstnat; policy accept; meta l4proto { tcp, udp } th dport 443 dnat to 10.0.0.1 } } This bug has been introduced in the evaluation step.
Reported-by: Roman Petrov
Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge)"
Signed-off-by: Pablo Neira Ayuso
---
tests/shell/testcases/sets/dumps/set_eval_0.nft | 11 +++++++++++
tests/shell/testcases/sets/set_eval_0 | 17 +++++++++++++++++
2 files changed, 28 insertions(+)
create mode 100644 tests/shell/testcases/sets/dumps/set_eval_0.nft
create mode 100755 tests/shell/testcases/sets/set_eval_0
(limited to 'tests')
diff --git a/tests/shell/testcases/sets/dumps/set_eval_0.nft b/tests/shell/testcases/sets/dumps/set_eval_0.nft
new file mode 100644
index 00000000..a45462b8
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/set_eval_0.nft
@@ -0,0 +1,11 @@
+table ip nat {
+ set set_with_interval {
+ type ipv4_addr
+ flags interval
+ }
+
+ chain prerouting {
+ type nat hook prerouting priority dstnat; policy accept;
+ meta l4proto { tcp, udp } th dport 443 dnat to 10.0.0.1
+ }
+}
diff --git a/tests/shell/testcases/sets/set_eval_0 b/tests/shell/testcases/sets/set_eval_0
new file mode 100755
index 00000000..82b6d3bc
--- /dev/null
+++ b/tests/shell/testcases/sets/set_eval_0
@@ -0,0 +1,17 @@
+#!/bin/bash
+
+set -e
+
+RULESET="table ip nat {
+ set set_with_interval {
+ type ipv4_addr
+ flags interval
+ }
+
+ chain prerouting {
+ type nat hook prerouting priority dstnat; policy accept;
+ meta l4proto { tcp, udp } th dport 443 dnat to 10.0.0.1
+ }
+}"
+
+$NFT -f - <<< $RULESET
--
cgit v1.2.3
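Review bot: The last added line feeds the ruleset through an unquoted here-string, `$NFT -f - <<< $RULESET`, so whether the newlines inside `RULESET` survive depends on the bash version: releases before 4.4 word-split the expansion of a here-string and rejoin it with single spaces. On such a shell nft would probably receive the set definition as `type ipv4_addr flags interval` on one line, and the test would fail on a parse error instead of exercising the ctx->set evaluation path this commit is about. Quoting the expansion removes the dependency: `$NFT -f - <<< "$RULESET"`. A short comment above `RULESET` stating that the set is deliberately unrelated to the dnat rule would also help, for example `# interval set must precede the anonymous set in the rule; the two are unrelated`, since that ordering appears to be what triggers the bogus datatype mismatch.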