From: Jeremy Sowden <jeremy@azazel.net>
Date: Thu, 23 Mar 2023 16:58:44 +0000 (+0100)
Subject: netlink_delinearize: correct type and byte-order of shifts
X-Git-Tag: v1.0.6.1~294
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=161d7d39e01d16f0813daf9699fd269e135b8256;p=thirdparty%2Fnftables.git

netlink_delinearize: correct type and byte-order of shifts

commit cab08c47e687104c3774e196240f3da1ad2834e7 upstream.

Downgrade to base type integer instead of the specific type from the
expression that is used in the shift operation.

Without this, listing a rule like:

  ct mark set ip dscp lshift 2 or 0x10

will return:

  ct mark set ip dscp << 2 | cs2

because the type of the OR's right operand will be transitively derived
from `ip dscp`.  However, this is not valid syntax:

  # nft add rule t c ct mark set ip dscp '<<' 2 '|' cs2
  Error: Could not parse integer
  add rule t c ct mark set ip dscp << 2 | cs2
                                          ^^^

Use xinteger_type to print the output in hexadecimal.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---

diff --git a/src/netlink_delinearize.c b/src/netlink_delinearize.c
index 623347bc..fc99149e 100644
--- a/src/netlink_delinearize.c
+++ b/src/netlink_delinearize.c
@@ -2669,8 +2669,17 @@ static void expr_postprocess(struct rule_pp_ctx *ctx, struct expr **exprp)
 		}
 		expr_postprocess(ctx, &expr->right);
 
-		expr_set_type(expr, expr->left->dtype,
-			      expr->left->byteorder);
+		switch (expr->op) {
+		case OP_LSHIFT:
+		case OP_RSHIFT:
+			expr_set_type(expr, &xinteger_type,
+				      BYTEORDER_HOST_ENDIAN);
+			break;
+		default:
+			expr_set_type(expr, expr->left->dtype,
+				      expr->left->byteorder);
+		}
+
 		break;
 	case EXPR_RELATIONAL:
 		switch (expr->left->etype) {