Blame SOURCES/0004-monitor-Fix-output-for-ranges-in-anonymous-sets.patch

911625
From 2e7cb6c2d46d9b8b91ff4b5d6797b7544c23ba44 Mon Sep 17 00:00:00 2001
911625
From: Phil Sutter <psutter@redhat.com>
911625
Date: Mon, 13 Jan 2020 16:58:57 +0100
911625
Subject: [PATCH] monitor: Fix output for ranges in anonymous sets
911625
911625
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1774742
911625
Upstream Status: nftables commit ddbacd70d061e
911625
911625
commit ddbacd70d061eb1b6808f501969809bfb5d03001
911625
Author: Phil Sutter <phil@nwl.cc>
911625
Date:   Mon Jan 13 14:53:24 2020 +0100
911625
911625
    monitor: Fix output for ranges in anonymous sets
911625
911625
    Previous fix for named interval sets was simply wrong: Instead of
911625
    limiting decomposing to anonymous interval sets, it effectively disabled
911625
    it entirely.
911625
911625
    Since code needs to check for both interval and anonymous bits
911625
    separately, introduce set_is_interval() helper to keep the code
911625
    readable.
911625
911625
    Also extend test case to assert ranges in anonymous sets are correctly
911625
    printed by echo or monitor modes. Without this fix, range boundaries are
911625
    printed as individual set elements.
911625
911625
    Fixes: 5d57fa3e99bb9 ("monitor: Do not decompose non-anonymous sets")
911625
    Signed-off-by: Phil Sutter <phil@nwl.cc>
911625
    Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
911625
---
911625
 include/rule.h                         | 5 +++++
911625
 src/monitor.c                          | 2 +-
911625
 tests/monitor/testcases/set-interval.t | 5 +++++
911625
 3 files changed, 11 insertions(+), 1 deletion(-)
911625
911625
diff --git a/include/rule.h b/include/rule.h
911625
index 0b2eba3..47eb29f 100644
911625
--- a/include/rule.h
911625
+++ b/include/rule.h
911625
@@ -363,6 +363,11 @@ static inline bool set_is_meter(uint32_t set_flags)
911625
 	return set_is_anonymous(set_flags) && (set_flags & NFT_SET_EVAL);
911625
 }
911625
 
911625
+static inline bool set_is_interval(uint32_t set_flags)
911625
+{
911625
+	return set_flags & NFT_SET_INTERVAL;
911625
+}
911625
+
911625
 #include <statement.h>
911625
 
911625
 struct counter {
911625
diff --git a/src/monitor.c b/src/monitor.c
911625
index 0da9858..fb803cf 100644
911625
--- a/src/monitor.c
911625
+++ b/src/monitor.c
911625
@@ -500,7 +500,7 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
911625
 
911625
 static void rule_map_decompose_cb(struct set *s, void *data)
911625
 {
911625
-	if (s->flags & (NFT_SET_INTERVAL & NFT_SET_ANONYMOUS))
911625
+	if (set_is_interval(s->flags) && set_is_anonymous(s->flags))
911625
 		interval_map_decompose(s->init);
911625
 }
911625
 
911625
diff --git a/tests/monitor/testcases/set-interval.t b/tests/monitor/testcases/set-interval.t
911625
index 59930c5..1fbcfe2 100644
911625
--- a/tests/monitor/testcases/set-interval.t
911625
+++ b/tests/monitor/testcases/set-interval.t
911625
@@ -18,3 +18,8 @@ J {"add": {"element": {"family": "ip", "table": "t", "name": "s", "elem": {"set"
911625
 I add rule ip t c tcp dport @s
911625
 O -
911625
 J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": "@s"}}]}}}
911625
+
911625
+# test anonymous interval sets as well
911625
+I add rule ip t c tcp dport { 20, 30-40 }
911625
+O -
911625
+J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [20, {"range": [30, 40]}]}}}]}}}
911625
-- 
8ff5ad
2.31.1
911625