netfilter-devel.vger.kernel.org archive mirror
* [nft PATCH] segtree: Fix add and delete of element in same batch
From: Phil Sutter @ 2019-11-21 10:41 UTC
  To: Pablo Neira Ayuso; +Cc: netfilter-devel

The commit this fixes accidentally broke a rather exotic use-case which
is but used in set-simple.t of tests/monitor:

| # nft 'add element t s { 22-25 }; delete element t s { 22-25 }'

Since ranges are now checked for existence in userspace before delete
command is submitted to kernel, the second command above was rejected
because the range in question wasn't present in cache yet. Fix this by
adding new interval set elements to cache after creating the batch job
for them.

Fixes: decc12ec2dc31 ("segtree: Check ranges when deleting elements")

Signed-off-by: Phil Sutter <phil@nwl.cc>
---
 src/rule.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/rule.c b/src/rule.c
index 4abc13c993b89..c7b58529a80da 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -1511,6 +1511,13 @@ static int __do_add_setelems(struct netlink_ctx *ctx, struct set *set,
 	if (mnl_nft_setelem_add(ctx, set, expr, flags) < 0)
 		return -1;
 
+	if (set->flags & NFT_SET_INTERVAL) {
+		interval_map_decompose(expr);
+		list_splice_tail_init(&expr->expressions, &set->init->expressions);
+		set->init->size += expr->size;
+		expr->size = 0;
+	}
+
 	return 0;
 }
 
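Review bot: set->init is dereferenced in the new NFT_SET_INTERVAL block without a NULL check, both in list_splice_tail_init(&expr->expressions, &set->init->expressions) and in set->init->size += expr->size. If a set can reach __do_add_setelems() without an initializer (an empty set definition), this is a NULL pointer dereference in userspace; testing set->init != NULL together with the flag would avoid it. A one-line comment would also help here: the block moves the new elements into the cached set so that a later delete in the same batch can find the range, and it leaves expr empty afterwards (expr->size = 0), neither of which is obvious from the code alone.
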
-- 
2.24.0



* Re: [nft PATCH] segtree: Fix add and delete of element in same batch
From: Pablo Neira Ayuso @ 2019-12-02 17:59 UTC
  To: Phil Sutter; +Cc: netfilter-devel

On Thu, Nov 21, 2019 at 11:41:24AM +0100, Phil Sutter wrote:
> The commit this fixes accidentally broke a rather exotic use-case which
> is but used in set-simple.t of tests/monitor:
> 
> | # nft 'add element t s { 22-25 }; delete element t s { 22-25 }'
> 
> Since ranges are now checked for existence in userspace before delete
> command is submitted to kernel, the second command above was rejected
> because the range in question wasn't present in cache yet. Fix this by
> adding new interval set elements to cache after creating the batch job
> for them.

Applied, with minor glitch:

        if (set->init != NULL &&
            set->flags & NFT_SET_INTERVAL)

Just in case the set definition is empty.

Thanks Phil.

