77 lines
2.3 KiB
Diff
77 lines
2.3 KiB
Diff
From d99b44adc5cfc455fdafd9b4bdabd413edf9a38a Mon Sep 17 00:00:00 2001
|
|
From: Florian Westphal <fw@strlen.de>
|
|
Date: Mon, 4 Dec 2023 19:04:58 +0100
|
|
Subject: evaluate: disable meta set with ranges
|
|
|
|
... this will cause an assertion in netlink linearization, catch this
|
|
at eval stage instead.
|
|
|
|
before:
|
|
BUG: unknown expression type range
|
|
nft: netlink_linearize.c:908: netlink_gen_expr: Assertion `0' failed.
|
|
|
|
after:
|
|
/unknown_expr_type_range_assert:3:31-40: Error: Meta expression cannot be a range
|
|
meta mark set 0x001-3434
|
|
^^^^^^^^^^
|
|
|
|
Signed-off-by: Florian Westphal <fw@strlen.de>
|
|
|
|
Conflict: change evaluate.c to set ret
|
|
Reference:https://git.netfilter.org/nftables/commit/?id=d99b44adc5cfc455fdafd9b4bdabd413edf9a38a
|
|
---
|
|
src/evaluate.c | 13 +++++++++++++
|
|
.../testcases/bogons/nft-f/unknown_expr_type_range_assert | 5 +++++
|
|
2 files changed, 25 insertions(+)
|
|
create mode 100644 tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert
|
|
|
|
diff --git a/src/evaluate.c b/src/evaluate.c
|
|
index ec8e05f..1d3b142 100644
|
|
--- a/src/evaluate.c
|
|
+++ b/src/evaluate.c
|
|
@@ -2725,11 +2725,26 @@ static int stmt_evaluate_meter(struct eval_ctx *ctx, struct stmt *stmt)
|
|
|
|
static int stmt_evaluate_meta(struct eval_ctx *ctx, struct stmt *stmt)
|
|
{
|
|
- return stmt_evaluate_arg(ctx, stmt,
|
|
- stmt->meta.tmpl->dtype,
|
|
- stmt->meta.tmpl->len,
|
|
- stmt->meta.tmpl->byteorder,
|
|
- &stmt->meta.expr);
|
|
+ int ret;
|
|
+ ret = stmt_evaluate_arg(ctx, stmt,
|
|
+ stmt->meta.tmpl->dtype,
|
|
+ stmt->meta.tmpl->len,
|
|
+ stmt->meta.tmpl->byteorder,
|
|
+ &stmt->meta.expr);
|
|
+ if (ret < 0)
|
|
+ return ret;
|
|
+
|
|
+ switch (stmt->meta.expr->etype) {
|
|
+ case EXPR_RANGE:
|
|
+ ret = expr_error(ctx->msgs, stmt->meta.expr,
|
|
+ "Meta expression cannot be a range");
|
|
+ break;
|
|
+ default:
|
|
+ break;
|
|
+
|
|
+ }
|
|
+
|
|
+ return ret;
|
|
}
|
|
|
|
static int stmt_evaluate_ct(struct eval_ctx *ctx, struct stmt *stmt)
|
|
diff --git a/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert b/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert
|
|
new file mode 100644
|
|
index 00000000..234dd623
|
|
--- /dev/null
|
|
+++ b/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert
|
|
@@ -0,0 +1,5 @@
|
|
+table ip x {
|
|
+ chain k {
|
|
+ meta mark set 0x001-3434
|
|
+ }
|
|
+}
|
|
--
|
|
cgit v1.2.3
|