Phil reported following assert:
add rule ip6 f o mark set ip6 saddr . ip6 daddr . tcp dport \
map { dead::beef . f00::. 22 : 1 }
nft: netlink_linearize.c:655: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
This happens because "mark set" will allocate one register (the dreg),
but netlink_gen_concat_expr will populate a lot more register space if
the concat expression strings a lot of expressions together.
As the assert is useful pseudo-reserve the register space as per
concat->len and undo after generating the expressions.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Florian Westphal <fw@strlen.de>
{
struct nftnl_expr *nle;
enum nft_registers sreg;
+ int regspace = 0;
assert(expr->mappings->ops->type == EXPR_SET_REF);
else
sreg = dreg;
+ /* suppress assert in netlink_gen_expr */
+ if (expr->map->ops->type == EXPR_CONCAT) {
+ regspace = netlink_register_space(expr->map->len);
+ ctx->reg_low += regspace;
+ }
+
netlink_gen_expr(ctx, expr->map, sreg);
+ ctx->reg_low -= regspace;
nle = alloc_nft_expr("lookup");
netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);
projects / thirdparty / nftables.git / commitdiff
