git.ipfire.org Git - thirdparty/nftables.git/commit

author	Anders K. Pedersen <akp@cohaesio.com>
	Wed, 4 Oct 2017 14:27:45 +0000 (14:27 +0000)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 6 Oct 2017 12:57:47 +0000 (14:57 +0200)
commit	22d2010109193e6ee201d7cd4e8aaf5cda4539a0
tree	dd2ea386adcc05022d7cc5d847225c66106d40e4	tree
parent	68508628c497be54e935f28fe5b28e87d6d17368	commit \| diff

netlink_linearize: skip set element expression in set statement key

Before this patch the following fails:

# nft add rule ip6 filter x \
set add ip6 saddr . ip6 daddr @test
nft: netlink_linearize.c:648: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed.
Aborted

This is was previously fixed for flow statements in fbea4a6f4449
("netlink_linearize: skip set element expression in flow table key"), and
this patch implements the same change for set statements by using the set
element key in netlink_gen_set_stmt().

nft-test.py is updated to support set types with concatenated data types
in order to support testing of this.

Signed-off-by: Anders K. Pedersen <akp@cohaesio.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/netlink_linearize.c		diff \| blob \| blame \| history
tests/py/ip/sets.t		diff \| blob \| blame \| history
tests/py/ip/sets.t.payload.inet		diff \| blob \| blame \| history
tests/py/ip/sets.t.payload.ip		diff \| blob \| blame \| history
tests/py/ip/sets.t.payload.netdev		diff \| blob \| blame \| history
tests/py/ip6/sets.t		diff \| blob \| blame \| history
tests/py/ip6/sets.t.payload.inet		diff \| blob \| blame \| history
tests/py/ip6/sets.t.payload.ip6		diff \| blob \| blame \| history
tests/py/ip6/sets.t.payload.netdev		diff \| blob \| blame \| history
tests/py/nft-test.py		diff \| blob \| blame \| history