[PATCH nft] src: allow ifname use in concatenated named sets

Wed, 27 Jun 2018 17:22:20 -0700 

Don't attempt to evaluate dummy string value added as placeholder
for concatenated named sets.

 nft create set inet filter keepalived_ranges4 { type inet_service . ifname \; }
 Error: Empty string is not allowed

This should be allowed.  Also, this function uses ctx.dtype to
reallocate the constant expression, so never do this if we have
an invalid expression in the current eval context.

Fixes: https://bugzilla.netfilter.org/show_bug.cgi?id=1265
Signed-off-by: Florian Westphal <[email protected]>
---
 src/evaluate.c                                                | 3 +++
 tests/shell/testcases/sets/0029named_ifname_dtype_0           | 6 ++++++
 tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft | 6 ++++++
 3 files changed, 15 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index c4ee3cc94a3d..7373b8bea0ce 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -226,6 +226,9 @@ static int expr_evaluate_string(struct eval_ctx *ctx, 
struct expr **exprp)
                expr->len = ctx->ectx.len;
        }
 
+       if (ctx->ectx.dtype == &invalid_type)
+               return 0;
+
        memset(data + len, 0, data_len - len);
        mpz_export_data(data, expr->value, BYTEORDER_HOST_ENDIAN, len);
 
diff --git a/tests/shell/testcases/sets/0029named_ifname_dtype_0 
b/tests/shell/testcases/sets/0029named_ifname_dtype_0
index 532d892739f4..c86b39c64d0f 100755
--- a/tests/shell/testcases/sets/0029named_ifname_dtype_0
+++ b/tests/shell/testcases/sets/0029named_ifname_dtype_0
@@ -8,9 +8,15 @@ EXPECTED="table inet t {
                elements = { \"eth0\" }
        }
 
+       set sc {
+               type inet_service . ifname
+               elements = { 22 . \"eth0\" }
+       }
+
        chain c {
                iifname @s accept
                oifname @s accept
+               tcp dport . meta iifname @sc accept
        }
 }"
 
diff --git a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft 
b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
index 2c82e57d48e8..38afe3e39f3f 100644
--- a/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
+++ b/tests/shell/testcases/sets/dumps/0029named_ifname_dtype_0.nft
@@ -4,8 +4,14 @@ table inet t {
                elements = { "eth0" }
        }
 
+       set sc {
+               type inet_service . ifname
+               elements = { ssh . "eth0" }
+       }
+
        chain c {
                iifname @s accept
                oifname @s accept
+               tcp dport . iifname @sc accept
        }
 }
-- 
2.16.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to