* [PATCH nft 0/3] evaluate: fix crash on empty set restore
@ 2021-02-03 18:41 Florian Westphal
2021-02-03 18:42 ` [PATCH nft 1/3] testcases: move two dump files to correct location Florian Westphal
0 siblings, 1 reply; 4+ messages in thread
From: Florian Westphal @ 2021-02-03 18:41 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
nft crashes when it restores an empty set.
First patch moves two dump files to the correct location.
Those test cases now fail when the dump files are modified,
as expected.
Second patch adds crash reproducer test case.
Third patch avoids iteration when no statements exist in the set.
Florian Westphal (3):
testcases: move two dump files to correct location
tests: add empty dynamic set
evaluate: do not crash if dynamic set has no statements
src/evaluate.c | 10 ++++++----
.../dumps/0031priority_variable_0.nft} | 0
.../dumps/0035policy_variable_0.nft} | 0
tests/shell/testcases/nft-f/0025empty_dynset_0 | 16 ++++++++++++++++
.../testcases/nft-f/dumps/0025empty_dynset_0.nft | 12 ++++++++++++
5 files changed, 34 insertions(+), 4 deletions(-)
rename tests/shell/testcases/{nft-f/dumps/0021priority_variable_0.nft => chains/dumps/0031priority_variable_0.nft} (100%)
rename tests/shell/testcases/{nft-f/dumps/0025policy_variable_0.nft => chains/dumps/0035policy_variable_0.nft} (100%)
create mode 100755 tests/shell/testcases/nft-f/0025empty_dynset_0
create mode 100644 tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft
--
2.26.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH nft 1/3] testcases: move two dump files to correct location
2021-02-03 18:41 [PATCH nft 0/3] evaluate: fix crash on empty set restore Florian Westphal
@ 2021-02-03 18:42 ` Florian Westphal
2021-02-03 18:42 ` [PATCH nft 2/3] tests: add empty dynamic set Florian Westphal
2021-02-03 18:42 ` [PATCH nft 3/3] evaluate: do not crash if dynamic set has no statements Florian Westphal
0 siblings, 2 replies; 4+ messages in thread
From: Florian Westphal @ 2021-02-03 18:42 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
The test cases were moved but the dumps remained in the old location.
Fixes: eb14363d44cea5 ("tests: shell: move chain priority and policy to chain folder")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
.../dumps/0031priority_variable_0.nft} | 0
.../dumps/0035policy_variable_0.nft} | 0
2 files changed, 0 insertions(+), 0 deletions(-)
rename tests/shell/testcases/{nft-f/dumps/0021priority_variable_0.nft => chains/dumps/0031priority_variable_0.nft} (100%)
rename tests/shell/testcases/{nft-f/dumps/0025policy_variable_0.nft => chains/dumps/0035policy_variable_0.nft} (100%)
diff --git a/tests/shell/testcases/nft-f/dumps/0021priority_variable_0.nft b/tests/shell/testcases/chains/dumps/0031priority_variable_0.nft
similarity index 100%
rename from tests/shell/testcases/nft-f/dumps/0021priority_variable_0.nft
rename to tests/shell/testcases/chains/dumps/0031priority_variable_0.nft
diff --git a/tests/shell/testcases/nft-f/dumps/0025policy_variable_0.nft b/tests/shell/testcases/chains/dumps/0035policy_variable_0.nft
similarity index 100%
rename from tests/shell/testcases/nft-f/dumps/0025policy_variable_0.nft
rename to tests/shell/testcases/chains/dumps/0035policy_variable_0.nft
--
2.26.2
^ permalink raw reply [flat|nested] 4+ messages in thread
* [PATCH nft 2/3] tests: add empty dynamic set
2021-02-03 18:42 ` [PATCH nft 1/3] testcases: move two dump files to correct location Florian Westphal
@ 2021-02-03 18:42 ` Florian Westphal
2021-02-03 18:42 ` [PATCH nft 3/3] evaluate: do not crash if dynamic set has no statements Florian Westphal
1 sibling, 0 replies; 4+ messages in thread
From: Florian Westphal @ 2021-02-03 18:42 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
nft crashes on restore.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
tests/shell/testcases/nft-f/0025empty_dynset_0 | 16 ++++++++++++++++
.../testcases/nft-f/dumps/0025empty_dynset_0.nft | 12 ++++++++++++
2 files changed, 28 insertions(+)
create mode 100755 tests/shell/testcases/nft-f/0025empty_dynset_0
create mode 100644 tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft
diff --git a/tests/shell/testcases/nft-f/0025empty_dynset_0 b/tests/shell/testcases/nft-f/0025empty_dynset_0
new file mode 100755
index 000000000000..796628a7c69a
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0025empty_dynset_0
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+RULESET="table ip foo {
+ set inflows {
+ type ipv4_addr . inet_service . ifname . ipv4_addr . inet_service
+ flags dynamic
+ elements = { 10.1.0.3 . 39466 . \"veth1\" . 10.3.0.99 . 5201 counter packets 0 bytes 0 }
+ }
+
+ set inflows6 {
+ type ipv6_addr . inet_service . ifname . ipv6_addr . inet_service
+ flags dynamic
+ }
+}"
+
+$NFT -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft
new file mode 100644
index 000000000000..559eb49fc2e1
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0025empty_dynset_0.nft
@@ -0,0 +1,12 @@
+table ip foo {
+ set inflows {
+ type ipv4_addr . inet_service . ifname . ipv4_addr . inet_service
+ flags dynamic
+ elements = { 10.1.0.3 . 39466 . "veth1" . 10.3.0.99 . 5201 counter packets 0 bytes 0 }
+ }
+
+ set inflows6 {
+ type ipv6_addr . inet_service . ifname . ipv6_addr . inet_service
+ flags dynamic
+ }
+}
--
2.26.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
* [PATCH nft 3/3] evaluate: do not crash if dynamic set has no statements
2021-02-03 18:42 ` [PATCH nft 1/3] testcases: move two dump files to correct location Florian Westphal
2021-02-03 18:42 ` [PATCH nft 2/3] tests: add empty dynamic set Florian Westphal
@ 2021-02-03 18:42 ` Florian Westphal
1 sibling, 0 replies; 4+ messages in thread
From: Florian Westphal @ 2021-02-03 18:42 UTC (permalink / raw)
To: netfilter-devel; +Cc: Florian Westphal
list_first_entry() returns garbage when the list is empty.
There is no need to run the following loop if we have no statements,
so just return 0.
Signed-off-by: Florian Westphal <fw@strlen.de>
---
src/evaluate.c | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 0b251ab5554c..2ddbde0a370f 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1363,10 +1363,12 @@ static int __expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr *elem)
"number of statements mismatch, set expects %d "
"but element has %d", num_set_exprs,
num_elem_exprs);
- } else if (num_set_exprs == 0 && !(set->flags & NFT_SET_EVAL)) {
- return expr_error(ctx->msgs, elem,
- "missing statements in %s definition",
- set_is_map(set->flags) ? "map" : "set");
+ } else if (num_set_exprs == 0) {
+ if (!(set->flags & NFT_SET_EVAL))
+ return expr_error(ctx->msgs, elem,
+ "missing statements in %s definition",
+ set_is_map(set->flags) ? "map" : "set");
+ return 0;
}
set_stmt = list_first_entry(&set->stmt_list, struct stmt, list);
--
2.26.2
^ permalink raw reply related [flat|nested] 4+ messages in thread
end of thread, other threads:[~2021-02-03 18:43 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-02-03 18:41 [PATCH nft 0/3] evaluate: fix crash on empty set restore Florian Westphal
2021-02-03 18:42 ` [PATCH nft 1/3] testcases: move two dump files to correct location Florian Westphal
2021-02-03 18:42 ` [PATCH nft 2/3] tests: add empty dynamic set Florian Westphal
2021-02-03 18:42 ` [PATCH nft 3/3] evaluate: do not crash if dynamic set has no statements Florian Westphal
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).