[PATCH nft 1/2] intervals: add elements with EXPR_F_KERNEL to purge list only

[PATCH nft 1/2] intervals: add elements with EXPR_F_KERNEL to purge list only

[Pablo Neira Ayuso]

Do not add elements to purge list which are not in the kernel,
otherwise, bogus ENOENT is reported.

Fixes: 3e8d934e4f722 ("intervals: support to partial deletion with automerge")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/intervals.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/intervals.c b/src/intervals.c
index a8fada9ba079..590a2967c0f3 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -329,8 +329,10 @@ static void split_range(struct set *set, struct expr *prev, struct expr *i,
 {
 	struct expr *clone;
 
-	clone = expr_clone(prev);
-	list_move_tail(&clone->list, &purge->expressions);
+	if (prev->flags & EXPR_F_KERNEL) {
+		clone = expr_clone(prev);
+		list_move_tail(&clone->list, &purge->expressions);
+	}
 
 	prev->flags &= ~EXPR_F_KERNEL;
 	clone = expr_clone(prev);
@@ -413,7 +415,9 @@ static int setelem_delete(struct list_head *msgs, struct set *set,
 		if (mpz_cmp(prev_range.low, range.low) == 0 &&
 		    mpz_cmp(prev_range.high, range.high) == 0) {
 			if (i->flags & EXPR_F_REMOVE) {
-				list_move_tail(&prev->list, &purge->expressions);
+				if (prev->flags & EXPR_F_KERNEL)
+					list_move_tail(&prev->list, &purge->expressions);
+
 				list_del(&i->list);
 				expr_free(i);
 			}
-- 
2.30.2

[PATCH nft 2/2] intervals: fix deletion of multiple ranges with automerge

[Pablo Neira Ayuso]

Iterate over the list of elements to be deleted, then splice one
EXPR_F_REMOVE element at a time to update the list of existing sets
incrementally.

Fixes: 3e8d934e4f722 ("intervals: support to partial deletion with automerge")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/intervals.c | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

diff --git a/src/intervals.c b/src/intervals.c
index 590a2967c0f3..7254a23ccf7c 100644
--- a/src/intervals.c
+++ b/src/intervals.c
@@ -454,34 +454,43 @@ static void automerge_delete(struct list_head *msgs, struct set *set,
 	expr_free(ctx.purge);
 }
 
+static int __set_delete(struct list_head *msgs, struct expr *i,	struct set *set,
+			struct expr *add, struct expr *init,
+			struct set *existing_set, unsigned int debug_mask)
+{
+	i->flags |= EXPR_F_REMOVE;
+	list_move(&i->list, &existing_set->init->expressions);
+	list_expr_sort(&existing_set->init->expressions);
+
+	return setelem_delete(msgs, set, add, init, existing_set->init, debug_mask);
+}
+
 /* detection for unexisting intervals already exists in Linux kernels >= 5.7. */
 int set_delete(struct list_head *msgs, struct cmd *cmd, struct set *set,
 	       struct expr *init, unsigned int debug_mask)
 {
 	struct set *existing_set = set->existing_set;
-	struct expr *i, *add;
+	struct expr *i, *next, *add;
 	struct handle h = {};
 	struct cmd *add_cmd;
+	LIST_HEAD(del_list);
 	int err;
 
 	set_to_range(init);
 	if (set->automerge)
 		automerge_delete(msgs, set, init, debug_mask);
 
-	list_for_each_entry(i, &init->expressions, list)
-		i->flags |= EXPR_F_REMOVE;
-
 	set_to_range(existing_set->init);
-	list_splice_init(&init->expressions, &existing_set->init->expressions);
-
-	list_expr_sort(&existing_set->init->expressions);
-
 	add = set_expr_alloc(&internal_location, set);
 
-	err = setelem_delete(msgs, set, add, init, existing_set->init, debug_mask);
-	if (err < 0) {
-		expr_free(add);
-		return err;
+	list_splice_init(&init->expressions, &del_list);
+
+	list_for_each_entry_safe(i, next, &del_list, list) {
+		err = __set_delete(msgs, i, set, add, init, existing_set, debug_mask);
+		if (err < 0) {
+			expr_free(add);
+			return err;
+		}
 	}
 
 	if (debug_mask & NFT_DEBUG_SEGTREE) {
-- 
2.30.2