monitor: do not call interval_map_decompose() for concat intervals

Without this, nft monitor will either print garbage or even segfault
when encountering a concat set because we pass expr->value to libgmp
helpers for concat (non-value) expressions.

Also, for concat case, we need to call concat_range_aggregate() helper.
Add a test case for this.  Without this patch, it gives:

tests/monitor/run-tests.sh: line 98: 1163 Segmentation fault
(core dumped) $nft -nn -e -f $command_file > $echo_output

Signed-off-by: Florian Westphal <fw@strlen.de>

diff --git a/src/monitor.c b/src/monitor.c
index 8ecb7d199505c8cbadda4287c30218270a339378..7fa92ebfb0f3a47a84f8a54b631e94ef4ce5370f 100644 (file)
--- a/src/monitor.c
+++ b/src/monitor.c
@@ -533,8 +533,13 @@ static int netlink_events_obj_cb(const struct nlmsghdr *nlh, int type,
 
 static void rule_map_decompose_cb(struct set *s, void *data)
 {
-       if (set_is_interval(s->flags) && set_is_anonymous(s->flags))
+       if (!set_is_anonymous(s->flags))
+               return;
+
+       if (set_is_non_concat_range(s))
                interval_map_decompose(s->init);
+       else if (set_is_interval(s->flags))
+               concat_range_aggregate(s->init);
 }
 
 static int netlink_events_rule_cb(const struct nlmsghdr *nlh, int type,

diff --git a/tests/monitor/testcases/set-interval.t b/tests/monitor/testcases/set-interval.t
index 1fbcfe222a2b03319f9b755d714085d5c6b26c66..b0649cdfe01e6b9200cbe530e1abe847d87a8628 100644 (file)
--- a/tests/monitor/testcases/set-interval.t
+++ b/tests/monitor/testcases/set-interval.t
@@ -23,3 +23,8 @@ J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "ex
 I add rule ip t c tcp dport { 20, 30-40 }
 O -
 J {"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"payload": {"protocol": "tcp", "field": "dport"}}, "right": {"set": [20, {"range": [30, 40]}]}}}]}}}
+
+# ... and anon concat range
+I add rule ip t c ether saddr . ip saddr { 08:00:27:40:f7:09 . 192.168.56.10-192.168.56.12 }
+O -
+{"add": {"rule": {"family": "ip", "table": "t", "chain": "c", "handle": 0, "expr": [{"match": {"op": "==", "left": {"concat": [{"payload": {"protocol": "ether", "field": "saddr"}}, {"payload": {"protocol": "ip", "field": "saddr"}}]}, "right": {"set": [{"concat": ["08:00:27:40:f7:09", {"range": ["192.168.56.10", "192.168.56.12"]}]}]}}}]}}}