dynset: avoid errouneous assert with ipv6 concat data

commit aa791a12cb2b23fb49c233e40b6e12e0e3ce6b9b upstream.

nft add rule ip6 table-test chain-1 update @map-X { ip6 saddr : 1000::1 . 5001 }
nft: src/netlink_linearize.c:873: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
Aborted (core dumped)

This is because we pass the EXPR_SET_ELEM expr to the register allocation,
which will make it reserve 1 128 bit register / 16 bytes.

This happens to be enough for most cases, but its not for ipv6 concat data.
Pass the actual key and data instead: This will reserve enough space to
hold a possible concat expression.

Also add test cases.

Signed-off-by: Son Dinh <dinhtrason@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 15275402eafe6a8a5bdb28783b5e2ebfbc2845a2..527f3fc5471d63e3f7084f8f1b2b5d404550580a 100644 (file)
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1507,11 +1507,11 @@ static void netlink_gen_map_stmt(struct netlink_linearize_ctx *ctx,
        sreg_key = get_register(ctx, stmt->map.key->key);
        netlink_gen_expr(ctx, stmt->map.key->key, sreg_key);
 
-       sreg_data = get_register(ctx, stmt->map.data);
-       netlink_gen_expr(ctx, stmt->map.data, sreg_data);
+       sreg_data = get_register(ctx, stmt->map.data->key);
+       netlink_gen_expr(ctx, stmt->map.data->key, sreg_data);
 
        release_register(ctx, stmt->map.key->key);
-       release_register(ctx, stmt->map.data);
+       release_register(ctx, stmt->map.data->key);
 
        nle = alloc_nft_expr("dynset");
        netlink_put_register(nle, NFTNL_EXPR_DYNSET_SREG_KEY, sreg_key);