|
|
a05102 |
From ed405d0eafc7b1f71013cf42f9ed550d64ec56c5 Mon Sep 17 00:00:00 2001
|
|
|
a05102 |
From: Phil Sutter <psutter@redhat.com>
|
|
|
a05102 |
Date: Wed, 6 Jun 2018 10:44:43 +0200
|
|
|
a05102 |
Subject: [PATCH] src: avoid errouneous assert with map+concat
|
|
|
a05102 |
|
|
|
a05102 |
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1540917
|
|
|
a05102 |
Upstream Status: nftables commit 483e5ea7167e1
|
|
|
a05102 |
|
|
|
a05102 |
commit 483e5ea7167e1537accf4cb083b88a8beea8f834
|
|
|
a05102 |
Author: Florian Westphal <fw@strlen.de>
|
|
|
a05102 |
Date: Tue Mar 27 09:29:54 2018 +0200
|
|
|
a05102 |
|
|
|
a05102 |
src: avoid errouneous assert with map+concat
|
|
|
a05102 |
|
|
|
a05102 |
Phil reported following assert:
|
|
|
a05102 |
|
|
|
a05102 |
add rule ip6 f o mark set ip6 saddr . ip6 daddr . tcp dport \
|
|
|
a05102 |
map { dead::beef . f00::. 22 : 1 }
|
|
|
a05102 |
nft: netlink_linearize.c:655: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
|
|
|
a05102 |
|
|
|
a05102 |
This happens because "mark set" will allocate one register (the dreg),
|
|
|
a05102 |
but netlink_gen_concat_expr will populate a lot more register space if
|
|
|
a05102 |
the concat expression strings a lot of expressions together.
|
|
|
a05102 |
|
|
|
a05102 |
As the assert is useful pseudo-reserve the register space as per
|
|
|
a05102 |
concat->len and undo after generating the expressions.
|
|
|
a05102 |
|
|
|
a05102 |
Reported-by: Phil Sutter <phil@nwl.cc>
|
|
|
a05102 |
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
a05102 |
---
|
|
|
a05102 |
src/netlink_linearize.c | 8 ++++++++
|
|
|
a05102 |
1 file changed, 8 insertions(+)
|
|
|
a05102 |
|
|
|
a05102 |
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
|
|
|
a05102 |
index a268dcc..e9a4515 100644
|
|
|
a05102 |
--- a/src/netlink_linearize.c
|
|
|
a05102 |
+++ b/src/netlink_linearize.c
|
|
|
a05102 |
@@ -243,6 +243,7 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx,
|
|
|
a05102 |
{
|
|
|
a05102 |
struct nftnl_expr *nle;
|
|
|
a05102 |
enum nft_registers sreg;
|
|
|
a05102 |
+ int regspace = 0;
|
|
|
a05102 |
|
|
|
a05102 |
assert(expr->mappings->ops->type == EXPR_SET_REF);
|
|
|
a05102 |
|
|
|
a05102 |
@@ -251,7 +252,14 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx,
|
|
|
a05102 |
else
|
|
|
a05102 |
sreg = dreg;
|
|
|
a05102 |
|
|
|
a05102 |
+ /* suppress assert in netlink_gen_expr */
|
|
|
a05102 |
+ if (expr->map->ops->type == EXPR_CONCAT) {
|
|
|
a05102 |
+ regspace = netlink_register_space(expr->map->len);
|
|
|
a05102 |
+ ctx->reg_low += regspace;
|
|
|
a05102 |
+ }
|
|
|
a05102 |
+
|
|
|
a05102 |
netlink_gen_expr(ctx, expr->map, sreg);
|
|
|
a05102 |
+ ctx->reg_low -= regspace;
|
|
|
a05102 |
|
|
|
a05102 |
nle = alloc_nft_expr("lookup");
|
|
|
a05102 |
netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);
|
|
|
a05102 |
--
|
|
|
a05102 |
1.8.3.1
|
|
|
a05102 |
|