Blame SOURCES/0004-monitor-Fix-output-for-ranges-in-anonymous-sets.patch

3730f4
From 2e7cb6c2d46d9b8b91ff4b5d6797b7544c23ba44 Mon Sep 17 00:00:00 2001
3730f4
From: Phil Sutter <psutter@redhat.com>
3730f4
Date: Mon, 13 Jan 2020 16:58:57 +0100
cc550a
Subject: [PATCH] monitor: Fix output for ranges in anonymous sets
cc550a
3730f4
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1774742
3730f4
Upstream Status: nftables commit ddbacd70d061e
cc550a
3730f4
commit ddbacd70d061eb1b6808f501969809bfb5d03001
3730f4
Author: Phil Sutter <phil@nwl.cc>
3730f4
Date:   Mon Jan 13 14:53:24 2020 +0100
cc550a
3730f4
    monitor: Fix output for ranges in anonymous sets
cc550a
3730f4
    Previous fix for named interval sets was simply wrong: Instead of
3730f4
    limiting decomposing to anonymous interval sets, it effectively disabled
3730f4
    it entirely.
cc550a
3730f4
    Since code needs to check for both interval and anonymous bits
3730f4
    separately, introduce set_is_interval() helper to keep the code
3730f4
    readable.
cc550a
3730f4
    Also extend test case to assert ranges in anonymous sets are correctly
3730f4
    printed by echo or monitor modes. Without this fix, range boundaries are
3730f4
    printed as individual set elements.
3730f4
3730f4
    Fixes: 5d57fa3e99bb9 ("monitor: Do not decompose non-anonymous sets")
3730f4
    Signed-off-by: Phil Sutter <phil@nwl.cc>
3730f4
    Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
cc550a
---
3730f4
 include/rule.h                         | 5 +++++
3730f4
 src/monitor.c                          | 2 +-
3730f4
 tests/monitor/testcases/set-interval.t | 5 +++++
3730f4
 3 files changed, 11 insertions(+), 1 deletion(-)
cc550a
cc550a
diff --git a/include/rule.h b/include/rule.h
3730f4
index 0b2eba3..47eb29f 100644
cc550a
--- a/include/rule.h
cc550a
+++ b/include/rule.h
3730f4
@@ -363,6 +363,11 @@ static inline bool set_is_meter(uint32_t set_flags)
3730f4
 	return set_is_anonymous(set_flags) && (set_flags & NFT_SET_EVAL);
3730f4
 }
cc550a
 
cc550a
+static inline bool set_is_interval(uint32_t set_flags)
cc550a
+{
cc550a
+	return set_flags & NFT_SET_INTERVAL;
cc550a
+}
cc550a
+
cc550a
 #include <statement.h>
cc550a
 
cc550a
 struct counter {
cc550a
diff --git a/src/monitor.c b/src/monitor.c
3730f4
index 0da9858..fb803cf 100644
cc550a
--- a/src/monitor.c
cc550a
+++ b/src/monitor.c
cc550a
@@ -500,7 +500,7 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
cc550a
 
cc550a
 static void rule_map_decompose_cb(struct set *s, void *data)
cc550a
 {
cc550a
-	if (s->flags & (NFT_SET_INTERVAL & NFT_SET_ANONYMOUS))
cc550a
+	if (set_is_interval(s->flags) && set_is_anonymous(s->flags))
cc550a
 		interval_map_decompose(s->init);
cc550a
 }
cc550a
 
cc550a
diff --git a/tests/monitor/testcases/set-interval.t b/tests/monitor/testcases/set-interval.t
3730f4
index 59930c5..1fbcfe2 100644
cc550a
--- a/tests/monitor/testcases/set-interval.t
cc550a
+++ b/tests/monitor/testcases/set-interval.t
cc550a
@@ -18,3 +18,8 @@ J {"add": {"element": {"family": "ip", "table": "t", "name": "s", "elem": {"set"
cc550a
 I add rule ip t c tcp dport @s
cc550a
 O -
cc550a
 J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": "@s"}}]}}}
cc550a
+
cc550a
+# test anonymous interval sets as well
cc550a
+I add rule ip t c tcp dport { 20, 30-40 }
cc550a
+O -
cc550a
+J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [20, {"range": [30, 40]}]}}}]}}}
cc550a
-- 
3730f4
1.8.3.1
cc550a