fib: Fix for existence check on Big Endian

Adjust the expression size to 1B so cmp expression value is correct.
Without this, the rule 'fib saddr . iif check exists' generates
following byte code on BE:

|  [ fib saddr . iif oif present => reg 1 ]
|  [ cmp eq reg 1 0x00000001 ]

Though with NFTA_FIB_F_PRESENT flag set, nft_fib.ko writes to the first
byte of reg 1 only (using nft_reg_store8()). With this patch in place,
byte code is correct:

|  [ fib saddr . iif oif present => reg 1 ]
|  [ cmp eq reg 1 0x01000000 ]

Fixes: f686a17eafa0b ("fib: Support existence check")
Cc: Yi Chen <yiche@redhat.com>
Signed-off-by: Phil Sutter <phil@nwl.cc>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 8cecbe09de01ce08f93a4b39e8fec5c242a624c0..6a1aa4963bceb169a125b77e490ed5e344e0ec15 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3002,6 +3002,7 @@ static int expr_evaluate_fib(struct eval_ctx *ctx, struct expr **exprp)
        if (expr->flags & EXPR_F_BOOLEAN) {
                expr->fib.flags |= NFTA_FIB_F_PRESENT;
                datatype_set(expr, &boolean_type);
+               expr->len = BITS_PER_BYTE;
        }
        return expr_evaluate_primary(ctx, exprp);
 }

diff --git a/src/fib.c b/src/fib.c
index 5383613292a5e89a91f0e05488a0be65b9709bc5..4db7cd2bbc9c3ff9372c7d03cc74aa1406a01498 100644 (file)
--- a/src/fib.c
+++ b/src/fib.c
@@ -198,8 +198,10 @@ struct expr *fib_expr_alloc(const struct location *loc,
                BUG("Unknown result %d\n", result);
        }
 
-       if (flags & NFTA_FIB_F_PRESENT)
+       if (flags & NFTA_FIB_F_PRESENT) {
                type = &boolean_type;
+               len = BITS_PER_BYTE;
+       }
 
        expr = expr_alloc(loc, EXPR_FIB, type,
                          BYTEORDER_HOST_ENDIAN, len);