From 1d2e22fc0521bcf73ee1f891c291dc1bde47a6bb Mon Sep 17 00:00:00 2001
From: Florian Westphal <fw@strlen.de>
Date: Mon, 19 Jun 2023 22:43:06 +0200
Subject: ct timeout: fix 'list object x' vs. 'list objects in table' confusion
<empty ruleset>
$ nft list ct timeout table t
Error: No such file or directory
list ct timeout table t
^
This is expected to list all 'ct timeout' objects.
The failure is correct, the table 't' does not exist.
But now lets add one:
$ nft add table t
$ nft list ct timeout table t
Segmentation fault (core dumped)
... and thats not expected, nothing should be shown
and nft should exit normally.
Because of missing TIMEOUTS command enum, the backend thinks
it should do an object lookup, but as frontend asked for
'list of objects' rather than 'show this object',
handle.obj.name is NULL, which then results in this crash.
Update the command enums so that backend knows what the
frontend asked for.
Signed-off-by: Florian Westphal <fw@strlen.de>
Conflict:NA
Reference:https://git.netfilter.org/nftables/commit/?id=1d2e22fc0521bcf73ee1f891c291dc1bde47a6bb
---
include/rule.h | 1 +
src/cache.c | 1 +
src/evaluate.c | 1 +
src/parser_bison.y | 2 +-
src/rule.c | 1 +
5 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/include/rule.h b/include/rule.h
index fa391529..b360e261 100644
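--- a/include/rule.h
+++ b/include/rule.h
@@ -645,6 +645,7 @@ enum cmd_obj {
 CMD_OBJ_FLOWTABLE,
 CMD_OBJ_FLOWTABLES,
 CMD_OBJ_CT_TIMEOUT,
+ CMD_OBJ_CT_TIMEOUTS,
 CMD_OBJ_SECMARK,
 CMD_OBJ_SECMARKS,
 CMD_OBJ_CT_EXPECT,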
diff --git a/src/cache.c b/src/cache.c
index becfa57f..d908ae0a 100644
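--- a/src/cache.c
+++ b/src/cache.c
@@ -370,6 +370,7 @@ static int nft_handle_validate(const struct cmd *cmd, struct list_head *msgs)
 case CMD_OBJ_CT_HELPER:
 case CMD_OBJ_CT_HELPERS:
 case CMD_OBJ_CT_TIMEOUT:
+ case CMD_OBJ_CT_TIMEOUTS:
 case CMD_OBJ_CT_EXPECT:
 if (h->table.name &&
 strlen(h->table.name) > NFT_NAME_MAXLEN) {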
diff --git a/src/evaluate.c b/src/evaluate.c
index efab2895..687f9a7b 100644
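--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -5441,6 +5441,7 @@ static int cmd_evaluate_list(struct eval_ctx *ctx, struct cmd *cmd)
 case CMD_OBJ_FLOWTABLES:
 case CMD_OBJ_SECMARKS:
 case CMD_OBJ_SYNPROXYS:
+ case CMD_OBJ_CT_TIMEOUTS:
 if (cmd->handle.table.name == NULL)
 return 0;
 if (!table_cache_find(&ctx->nft->cache.table_cache,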
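Review bot: The single-object lookup that actually crashed gets no guard here; the added `case CMD_OBJ_CT_TIMEOUTS:` only routes the list form to the table-existence check shared with the other plural objects. The commit message attributes the segfault to an object lookup running with `handle.obj.name` set to NULL, so any other object type whose plural enumerator is missing would presumably fail the same way. Consider rejecting a NULL name before that lookup in the single-object branch, along the lines of `if (cmd->handle.obj.name == NULL)` followed by an error return, so that a frontend/backend mismatch produces a diagnostic instead of a NULL dereference. cmd_evaluate_list starts and ends outside this hunk, so the exact location of the lookup is not visible here.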
diff --git a/src/parser_bison.y b/src/parser_bison.y
index e7ee56c1..beb277b6 100644
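--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4757,7 +4757,7 @@ ct_obj_type : HELPER { $$ = NFT_OBJECT_CT_HELPER; }
 ;
 
 ct_cmd_type : HELPERS { $$ = CMD_OBJ_CT_HELPERS; }
- | TIMEOUT { $$ = CMD_OBJ_CT_TIMEOUT; }
+ | TIMEOUT { $$ = CMD_OBJ_CT_TIMEOUTS; }
 | EXPECTATION { $$ = CMD_OBJ_CT_EXPECT; }
 ;
 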
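Review bot: The `EXPECTATION` alternative of `ct_cmd_type` still yields the singular `CMD_OBJ_CT_EXPECT`, so the single-object versus list-in-table confusion that this change removes for `TIMEOUT` probably remains for ct expectations. `HELPERS` already maps to a plural enumerator and `TIMEOUT` now does too, which leaves the expectation case as the only one on a singular value. If the list-in-table form for expectations reaches the object lookup with `handle.obj.name` unset, it would hit the same NULL dereference; a plural enumerator such as `CMD_OBJ_CT_EXPECTATIONS`, handled in the same switch statements this commit touches, would close it. Only these three alternatives are visible in the hunk, so this is inferred from them rather than from the full grammar.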
diff --git a/src/rule.c b/src/rule.c
index 1faa1a27..3704600a 100644
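--- a/src/rule.c
+++ b/src/rule.c
@@ -2351,6 +2351,7 @@ static int do_command_list(struct netlink_ctx *ctx, struct cmd *cmd)
 case CMD_OBJ_CT_HELPERS:
 return do_list_obj(ctx, cmd, NFT_OBJECT_CT_HELPER);
 case CMD_OBJ_CT_TIMEOUT:
+ case CMD_OBJ_CT_TIMEOUTS:
 return do_list_obj(ctx, cmd, NFT_OBJECT_CT_TIMEOUT);
 case CMD_OBJ_CT_EXPECT:
 return do_list_obj(ctx, cmd, NFT_OBJECT_CT_EXPECT);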
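Review bot: `case CMD_OBJ_CT_TIMEOUTS:` falls through to the same `do_list_obj(ctx, cmd, NFT_OBJECT_CT_TIMEOUT)` call as the single-object case, which is only safe if do_list_obj tolerates a NULL `cmd->handle.obj.name`; that function is not visible in this hunk. A short comment on the shared label would record the assumption, for example `/* plural form: obj.name is NULL, every ct timeout in the table is listed */`. do_command_list begins and ends outside the hunk, so the comment wording should be checked against the actual body of do_list_obj.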
--
cgit v1.2.3