[PATCH nft 6/6] ct timeout: fix 'list object x' vs. 'list objects in table' confusion

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Florian Westphal <fw@strlen.de>
To: <netfilter-devel@vger.kernel.org>
Cc: Florian Westphal <fw@strlen.de>
Subject: [PATCH nft 6/6] ct timeout: fix 'list object x' vs. 'list objects in table' confusion
Date: Mon, 19 Jun 2023 22:43:06 +0200	[thread overview]
Message-ID: <20230619204306.11785-7-fw@strlen.de> (raw)
In-Reply-To: <20230619204306.11785-1-fw@strlen.de>

<empty ruleset>
$ nft list ct timeout table t
Error: No such file or directory
list ct timeout table t
                      ^
This is expected to list all 'ct timeout' objects.
The failure is correct, the table 't' does not exist.

But now lets add one:
$ nft add table t
$ nft list ct timeout  table t
Segmentation fault (core dumped)

... and thats not expected, nothing should be shown
and nft should exit normally.

Because of missing TIMEOUTS command enum, the backend thinks
it should do an object lookup, but as frontend asked for
'list of objects' rather than 'show this object',
handle.obj.name is NULL, which then results in this crash.

Update the command enums so that backend knows what the
frontend asked for.

Signed-off-by: Florian Westphal <fw@strlen.de>
---
 include/rule.h     | 1 +
 src/cache.c        | 1 +
 src/evaluate.c     | 1 +
 src/parser_bison.y | 2 +-
 src/rule.c         | 1 +
 5 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/include/rule.h b/include/rule.h
index fa3915298750..b360e2614c78 100644
--- a/include/rule.h
+++ b/include/rule.h
@@ -645,6 +645,7 @@ enum cmd_obj {
 	CMD_OBJ_FLOWTABLE,
 	CMD_OBJ_FLOWTABLES,
 	CMD_OBJ_CT_TIMEOUT,
+	CMD_OBJ_CT_TIMEOUTS,
 	CMD_OBJ_SECMARK,
 	CMD_OBJ_SECMARKS,
 	CMD_OBJ_CT_EXPECT,
diff --git a/src/cache.c b/src/cache.c
index becfa57fc335..d908ae0ad192 100644
--- a/src/cache.c
+++ b/src/cache.c
@@ -370,6 +370,7 @@ static int nft_handle_validate(const struct cmd *cmd, struct list_head *msgs)
 	case CMD_OBJ_CT_HELPER:
 	case CMD_OBJ_CT_HELPERS:
 	case CMD_OBJ_CT_TIMEOUT:
+	case CMD_OBJ_CT_TIMEOUTS:
 	case CMD_OBJ_CT_EXPECT:
 		if (h->table.name &&
 		    strlen(h->table.name) > NFT_NAME_MAXLEN) {
diff --git a/src/evaluate.c b/src/evaluate.c
index efab28952e32..687f9a7b5924 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -5441,6 +5441,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_FLOWTABLES:
 	case CMD_OBJ_SECMARKS:
 	case CMD_OBJ_SYNPROXYS:
+	case CMD_OBJ_CT_TIMEOUTS:
 		if (cmd->handle.table.name == NULL)
 			return 0;
 		if (!table_cache_find(&ctx->nft->cache.table_cache,
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 8a559103250e..47eb81f70aee 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4757,7 +4757,7 @@ ct_obj_type		:	HELPER		{ $$ = NFT_OBJECT_CT_HELPER; }
 			;
 
 ct_cmd_type		:	HELPERS		{ $$ = CMD_OBJ_CT_HELPERS; }
-			|	TIMEOUT		{ $$ = CMD_OBJ_CT_TIMEOUT; }
+			|	TIMEOUT		{ $$ = CMD_OBJ_CT_TIMEOUTS; }
 			|	EXPECTATION	{ $$ = CMD_OBJ_CT_EXPECT; }
 			;
 
diff --git a/src/rule.c b/src/rule.c
index 1faa1a27f38e..3704600a87be 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -2351,6 +2351,7 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 	case CMD_OBJ_CT_HELPERS:
 		return do_list_obj(ctx, cmd, NFT_OBJECT_CT_HELPER);
 	case CMD_OBJ_CT_TIMEOUT:
+	case CMD_OBJ_CT_TIMEOUTS:
 		return do_list_obj(ctx, cmd, NFT_OBJECT_CT_TIMEOUT);
 	case CMD_OBJ_CT_EXPECT:
 		return do_list_obj(ctx, cmd, NFT_OBJECT_CT_EXPECT);
-- 
2.39.3

     prev parent reply	other threads:[~2023-06-19 20:43 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-06-19 20:43 [PATCH nft 0/6] Misc parser fixes Florian Westphal
2023-06-19 20:43 ` [PATCH nft 1/6] json: dccp: remove erroneous const qualifier Florian Westphal
2023-06-19 20:43 ` [PATCH nft 2/6] evaluate: do not abort when prefix map has non-map element Florian Westphal
2023-06-19 20:43 ` [PATCH nft 3/6] parser: don't assert on scope underflows Florian Westphal
2023-06-19 20:43 ` [PATCH nft 4/6] parser: reject zero-length interface names Florian Westphal
2023-06-20 16:02   ` Pablo Neira Ayuso
2023-06-19 20:43 ` [PATCH nft 5/6] parser: reject zero-length interface names in flowtables Florian Westphal
2023-06-19 20:43 ` Florian Westphal [this message]

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:fa391529875 dfblob:b360e2614c7 dfblob:becfa57fc33
dfblob:d908ae0ad19 dfblob:efab28952e3 dfblob:687f9a7b592
dfblob:8a559103250 dfblob:47eb81f70ae dfblob:1faa1a27f38
dfblob:3704600a87b )
 OR (
bs:"[PATCH nft 6/6] ct timeout: fix 'list object x' vs. 'list objects in table' confusion" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20230619204306.11785-7-fw@strlen.de \
    --to=fw@strlen.de \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).