From 8099eb08541428efe92c4a1a4cbaf3530fd125e7 Mon Sep 17 00:00:00 2001
From: Phil Sutter <psutter@redhat.com>
Date: Thu, 9 Feb 2023 10:25:59 +0100
Subject: [PATCH] intervals: check for EXPR_F_REMOVE in case of element
mismatch
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2115627
Upstream Status: nftables commit 6d1ee9267e7e5
commit 6d1ee9267e7e5e429a84d7bb8a8644f9eebddb22
Author: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Thu Jun 23 18:41:21 2022 +0200
intervals: check for EXPR_F_REMOVE in case of element mismatch
If auto-merge is disabled and element to be deleted finds no exact
matching, then bail out.
Fixes: 3e8d934e4f72 ("intervals: support to partial deletion with automerge")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Phil Sutter <psutter@redhat.com>
---
src/intervals.c | 4 ++++
tests/shell/testcases/sets/errors_0 | 20 ++++++++++++++++++--
2 files changed, 22 insertions(+), 2 deletions(-)
diff --git a/src/intervals.c b/src/intervals.c
index c21b3ee..13009ca 100644
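--- a/src/intervals.c
+++ b/src/intervals.c
@@ -421,6 +421,10 @@ static int setelem_delete(struct list_head *msgs, struct set *set,
 expr_error(msgs, i, "element does not exist");
 err = -1;
 goto err;
+ } else if (i->flags & EXPR_F_REMOVE) {
+ expr_error(msgs, i, "element does not exist");
+ err = -1;
+ goto err;
 }
 prev = NULL;
 }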
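Review bot: The added `else if (i->flags & EXPR_F_REMOVE)` branch in setelem_delete() has no comment explaining why a removal-flagged element that reaches it is treated as nonexistent, and its three-line body is a verbatim copy of the error path just above it. I would add `/* delete request without an exact match in the set: fail rather than silently ignore it */` above the branch. The `if` that this `else` belongs to starts outside the hunk, so whether the two conditions can be folded into one test cannot be judged from the visible lines; if they can, a single `expr_error()` call site keeps the two messages from drifting apart.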
diff --git a/tests/shell/testcases/sets/errors_0 b/tests/shell/testcases/sets/errors_0
index 2960b69..a676ac7 100755
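--- a/tests/shell/testcases/sets/errors_0
+++ b/tests/shell/testcases/sets/errors_0
@@ -1,7 +1,5 @@
 #!/bin/bash
 
-set -e
-
 RULESET="table ip x {
 set y {
 type ipv4_addr
@@ -11,4 +9,22 @@ RULESET="table ip x {
 
 delete element ip x y { 2.3.4.5 }"
 
+$NFT -f - <<< $RULESET
+if [ $? -eq 0 ]
+then
+ exit 1
+fi
+
+RULESET="table ip x {
+ set y {
+ type ipv4_addr
+ flags interval
+ }
+}
+
+add element x y { 1.1.1.1/24 }
+delete element x y { 1.1.1.1/24 }
+add element x y { 1.1.1.1/24 }
+delete element x y { 2.2.2.2/24 }"
+
 $NFT -f - <<< $RULESET || exit 0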
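Review bot: The final `$NFT -f - <<< $RULESET || exit 0` cannot fail the test: with `set -e` removed by this patch, a load that unexpectedly succeeds skips `exit 0` and, if this is the last line of the script as the hunk suggests, the script still ends with status 0. The new interval case (deleting 2.2.2.2/24 from a set that only holds 1.1.1.1/24) is the regression check for the intervals.c change, so it should assert the failure the same way the first case now does, e.g. `$NFT -f - <<< "$RULESET" && exit 1` followed by `exit 0`. Quoting `"$RULESET"` in both here-strings also keeps the multi-line ruleset intact on bash versions that word-split an unquoted here-string.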
--
2.39.1