Sorting order was obviously wrong, e.g. "ppp0" ordered before "eth1".
Moreover, this happened on Little Endian only so sorting order actually
depended on host's byteorder. By reimporting string values as Big
Endian, both issues are fixed: On one hand, GMP-internal byteorder no
longer depends on host's byteorder, on the other comparing strings
really starts with the first character, not the last.
Fixes: 14ee0a979b622 ("src: sort set elements in netlink_get_setelems()")
Signed-off-by: Phil Sutter <phil@nwl.cc>
case EXPR_RANGE:
return expr_msort_value(expr->left, value);
case EXPR_VALUE:
+ if (expr_basetype(expr)->type == TYPE_STRING) {
+ char buf[expr->len];
+
+ mpz_export_data(buf, expr->value, BYTEORDER_HOST_ENDIAN, expr->len);
+ mpz_import_data(value, buf, BYTEORDER_BIG_ENDIAN, expr->len);
+ return value;
+ }
return expr->value;
case EXPR_RANGE_VALUE:
return expr->range.low;
}
]
-# meta iifname {"dummy0", "lo"}
-[
- {
- "match": {
- "left": {
- "meta": { "key": "iifname" }
- },
- "op": "==",
- "right": {
- "set": [
- "lo",
- "dummy0"
- ]
- }
- }
- }
-]
-
-# meta iifname != {"dummy0", "lo"}
-[
- {
- "match": {
- "left": {
- "meta": { "key": "iifname" }
- },
- "op": "!=",
- "right": {
- "set": [
- "lo",
- "dummy0"
- ]
- }
- }
- }
-]
-
-# meta oifname { "dummy0", "lo"}
-[
- {
- "match": {
- "left": {
- "meta": { "key": "oifname" }
- },
- "op": "==",
- "right": {
- "set": [
- "lo",
- "dummy0"
- ]
- }
- }
- }
-]
-
# meta skuid {"bin", "root", "daemon"} accept
[
{
0
],
[
- "ppp0",
+ "eth1",
2
],
[
- "eth1",
+ "ppp0",
2
]
]
}
]
+# osf version { "Windows:XP", "MacOs:Sierra" }
+[
+ {
+ "match": {
+ "left": {
+ "osf": {
+ "key": "version"
+ }
+ },
+ "op": "==",
+ "right": {
+ "set": [
+ "MacOs:Sierra",
+ "Windows:XP"
+ ]
+ }
+ }
+ }
+]
+
# ct mark set osf name map { "Windows" : 0x00000001, "MacOs" : 0x00000002 }
[
{
}
}
]
+
+# ct mark set osf version map { "Windows:XP" : 0x00000003, "MacOs:Sierra" : 0x00000004 }
+[
+ {
+ "mangle": {
+ "key": {
+ "ct": {
+ "key": "mark"
+ }
+ },
+ "value": {
+ "map": {
+ "data": {
+ "set": [
+ [
+ "MacOs:Sierra",
+ 4
+ ],
+ [
+ "Windows:XP",
+ 3
+ ]
+ ]
+ },
+ "key": {
+ "osf": {
+ "key": "version"
+ }
+ }
+ }
+ }
+ }
+ }
+]
"map": "verdict",
"elem": [
[
- "lo",
+ "eth0",
{
- "accept": null
+ "drop": null
}
],
[
- "eth0",
+ "eth1",
{
"drop": null
}
],
[
- "eth1",
+ "lo",
{
- "drop": null
+ "accept": null
}
]
]
"data": {
"set": [
[
- "lo",
+ "eth0",
{
- "accept": null
+ "drop": null
}
],
[
- "eth0",
+ "eth1",
{
"drop": null
}
],
[
- "eth1",
+ "lo",
{
- "drop": null
+ "accept": null
}
]
]
table ip x {
map z {
type ifname : verdict
- elements = { "lo" : accept,
- "eth0" : drop,
- "eth1" : drop }
+ elements = { "eth0" : drop,
+ "eth1" : drop,
+ "lo" : accept }
}
chain y {
- iifname vmap { "lo" : accept, "eth0" : drop, "eth1" : drop }
+ iifname vmap { "eth0" : drop, "eth1" : drop, "lo" : accept }
}
}
},
"handle": 0,
"elem": [
- "sip",
- "ftp"
+ "ftp",
+ "sip"
]
}
},
set helpname {
typeof ct helper
- elements = { "sip",
- "ftp" }
+ elements = { "ftp",
+ "sip" }
}
chain y {
},
"right": {
"set": [
- "eth0",
- "abcdef0"
+ "abcdef0",
+ "eth0"
]
}
}
chain v4icmp {
iifname @simple counter packets 0 bytes 0
iifname @simple_wild counter packets 0 bytes 0
- iifname { "eth0", "abcdef0" } counter packets 0 bytes 0
+ iifname { "abcdef0", "eth0" } counter packets 0 bytes 0
iifname { "abcdef*", "eth0" } counter packets 0 bytes 0
iifname vmap @map_wild
}
projects / thirdparty / nftables.git / commitdiff
