segtree: zap element statement when decomposing interval

author Pablo Neira Ayuso <pablo@netfilter.org>

Mon, 6 Jul 2020 08:48:16 +0000 (10:48 +0200)

committer Pablo Neira Ayuso <pablo@netfilter.org>

Mon, 6 Jul 2020 16:54:27 +0000 (18:54 +0200)
author Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 6 Jul 2020 08:48:16 +0000 (10:48 +0200)
committer Pablo Neira Ayuso <pablo@netfilter.org>
Mon, 6 Jul 2020 16:54:27 +0000 (18:54 +0200)
diff --git a/src/segtree.c b/src/segtree.c

index b6ca6083ea0b745ec58590a0a0b94ed15bb994fa..49169e733cffdf9df89e72d4efa0c6757a5e9d5e 100644 (file)
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -1027,6 +1027,10 @@ void interval_map_decompose(struct expr *set)
                                         tmp->timeout = low->left->timeout;
                                 if (low->left->expiration)
                                         tmp->expiration = low->left->expiration;
+                               if (low->left->stmt) {
+                                       tmp->stmt = low->left->stmt;
+                                       low->left->stmt = NULL;
+                               }
  
                                 tmp = mapping_expr_alloc(&tmp->location, tmp,
                                                          expr_clone(low->right));
@@ -1037,6 +1041,10 @@ void interval_map_decompose(struct expr *set)
                                         tmp->timeout = low->timeout;
                                 if (low->expiration)
                                         tmp->expiration = low->expiration;
+                               if (low->stmt) {
+                                       tmp->stmt = low->stmt;
+                                       low->stmt = NULL;
+                               }
                         }
  
                         compound_expr_add(set, tmp);
@@ -1059,6 +1067,10 @@ void interval_map_decompose(struct expr *set)
                                         prefix->timeout = low->left->timeout;
                                 if (low->left->expiration)
                                         prefix->expiration = low->left->expiration;
+                               if (low->left->stmt) {
+                                       prefix->stmt = low->left->stmt;
+                                       low->left->stmt = NULL;
+                               }
  
                                 prefix = mapping_expr_alloc(&low->location, prefix,
                                                             expr_clone(low->right));
@@ -1069,6 +1081,10 @@ void interval_map_decompose(struct expr *set)
                                         prefix->timeout = low->timeout;
                                 if (low->expiration)
                                         prefix->expiration = low->expiration;
+                               if (low->stmt) {
+                                       prefix->stmt = low->stmt;
+                                       low->stmt = NULL;
+                               }
                         }
  
                         compound_expr_add(set, prefix);
diff --git a/tests/shell/testcases/sets/0051set_interval_counter_0 b/tests/shell/testcases/sets/0051set_interval_counter_0

new file mode 100755 (executable)

index 0000000..ea90e26
--- /dev/null
+++ b/tests/shell/testcases/sets/0051set_interval_counter_0
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+       set s {
+               type ipv4_addr
+               flags interval
+               counter
+               elements = { 192.168.2.0/24 }
+       }
+
+       chain y {
+               type filter hook output priority filter; policy accept;
+               ip daddr @s
+       }
+}"
+
+$NFT -f - <<< "$EXPECTED"
diff --git a/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft

new file mode 100644 (file)

index 0000000..fd488a7
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft
@@ -0,0 +1,13 @@
+table ip x {
+       set s {
+               type ipv4_addr
+               flags interval
+               counter
+               elements = { 192.168.2.0/24 counter packets 0 bytes 0 }
+       }
+
+       chain y {
+               type filter hook output priority filter; policy accept;
+               ip daddr @s
+       }
+}
author	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 6 Jul 2020 08:48:16 +0000 (10:48 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Mon, 6 Jul 2020 16:54:27 +0000 (18:54 +0200)
src/segtree.c		patch \| blob \| blame \| history
tests/shell/testcases/sets/0051set_interval_counter_0	[new file with mode: 0755]	patch \| blob
tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft	[new file with mode: 0644]	patch \| blob