* [PATCH nft] netlink: restore typeof interval map data type
@ 2023-05-01 16:51 Florian Westphal
2023-05-02 8:24 ` Pablo Neira Ayuso
0 siblings, 1 reply; 2+ messages in thread
From: Florian Westphal @ 2023-05-01 16:51 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal

When "typeof ... : interval ..." gets used, existing logic
failed to validate the expressions.

"interval" means that kernel reserves twice the size,
so consider this when validating and restoring.

Also fix up the dump file of the existing test
case to be symmetrical.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/netlink.c | 7 ++++++-
.../testcases/sets/dumps/0067nat_concat_interval_0.nft | 4 ++--
2 files changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/netlink.c b/src/netlink.c
index f1452d48f424..3352ad0abb61 100644
--- a/src/netlink.c
+++ b/src/netlink.c
@@ -1024,10 +1024,15 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
list_splice_tail(&set_parse_ctx.stmt_list, &set->stmt_list);
if (datatype) {
+ uint32_t dlen;
+
dtype = set_datatype_alloc(datatype, databyteorder);
klen = nftnl_set_get_u32(nls, NFTNL_SET_DATA_LEN) * BITS_PER_BYTE;
- if (set_udata_key_valid(typeof_expr_data, klen)) {
+ dlen = data_interval ? klen / 2 : klen;
+
+ if (set_udata_key_valid(typeof_expr_data, dlen)) {
+ typeof_expr_data->len = klen;
datatype_free(datatype_get(dtype));
set->data = typeof_expr_data;
} else {
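Review bot: `dlen = data_interval ? klen / 2 : klen;` has no comment explaining why the length that is validated (`dlen`) differs from the one then stored with `typeof_expr_data->len = klen`, and `klen` is by now a misleading name for a value read from NFTNL_SET_DATA_LEN. A one-line comment that interval data occupies twice the expression size, so the typeof expression is checked against half and then restored to the full length, would make the asymmetry clear to the next reader. Since the length arrives in a netlink message, it is also worth considering an explicit check that an interval data length is an even number of bytes before halving it, so that a malformed value falls through to the `else` branch instead of being validated against a truncated size.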
diff --git a/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft b/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
index 6af47c6682ce..0215691e28ee 100644
--- a/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
+++ b/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
@@ -18,14 +18,14 @@ table ip nat {
}
map ipportmap4 {
- type ifname . ipv4_addr : interval ipv4_addr
+ typeof iifname . ip saddr : interval ip daddr
flags interval
elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69/32,
"enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 }
}
map ipportmap5 {
- type ifname . ipv4_addr : interval ipv4_addr . inet_service
+ typeof iifname . ip saddr : interval ip daddr . tcp dport
flags interval
elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22,
"enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 }
--
2.40.1
* Re: [PATCH nft] netlink: restore typeof interval map data type
2023-05-01 16:51 [PATCH nft] netlink: restore typeof interval map data type Florian Westphal
@ 2023-05-02 8:24 ` Pablo Neira Ayuso
0 siblings, 0 replies; 2+ messages in thread
From: Pablo Neira Ayuso @ 2023-05-02 8:24 UTC (permalink / raw)
To: Florian Westphal; +Cc: netfilter-devel
On Mon, May 01, 2023 at 06:51:19PM +0200, Florian Westphal wrote:
> When "typeof ... : interval ..." gets used, existing logic
> failed to validate the expressions.
>
> "interval" means that kernel reserves twice the size,
> so consider this when validating and restoring.
>
> Also fix up the dump file of the existing test
> case to be symmetrical.

LGTM. Thanks, I wanted to have at this bug too, it was on my list.

> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> src/netlink.c | 7 ++++++-
> .../testcases/sets/dumps/0067nat_concat_interval_0.nft | 4 ++--
> 2 files changed, 8 insertions(+), 3 deletions(-)
>
> diff --git a/src/netlink.c b/src/netlink.c
> index f1452d48f424..3352ad0abb61 100644
> --- a/src/netlink.c
> +++ b/src/netlink.c
> @@ -1024,10 +1024,15 @@ struct set *netlink_delinearize_set(struct netlink_ctx *ctx,
> list_splice_tail(&set_parse_ctx.stmt_list, &set->stmt_list);
>
> if (datatype) {
> + uint32_t dlen;
> +
> dtype = set_datatype_alloc(datatype, databyteorder);
> klen = nftnl_set_get_u32(nls, NFTNL_SET_DATA_LEN) * BITS_PER_BYTE;
>
> - if (set_udata_key_valid(typeof_expr_data, klen)) {
> + dlen = data_interval ? klen / 2 : klen;
> +
> + if (set_udata_key_valid(typeof_expr_data, dlen)) {
> + typeof_expr_data->len = klen;
> datatype_free(datatype_get(dtype));
> set->data = typeof_expr_data;
> } else {
> diff --git a/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft b/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
> index 6af47c6682ce..0215691e28ee 100644
> --- a/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
> +++ b/tests/shell/testcases/sets/dumps/0067nat_concat_interval_0.nft
> @@ -18,14 +18,14 @@ table ip nat {
> }
>
> map ipportmap4 {
> - type ifname . ipv4_addr : interval ipv4_addr
> + typeof iifname . ip saddr : interval ip daddr
> flags interval
> elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69/32,
> "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 }
> }
>
> map ipportmap5 {
> - type ifname . ipv4_addr : interval ipv4_addr . inet_service
> + typeof iifname . ip saddr : interval ip daddr . tcp dport
> flags interval
> elements = { "enp2s0" . 10.1.1.136 : 1.1.2.69 . 22,
> "enp2s0" . 10.1.1.1-10.1.1.135 : 1.1.2.66-1.84.236.78 . 22 }
> --
> 2.40.1
>