* [PATCH nft] segtree: zap element statement when decomposing interval
@ 2020-07-06 11:17 Pablo Neira Ayuso
0 siblings, 0 replies; only message in thread
From: Pablo Neira Ayuso @ 2020-07-06 11:17 UTC (permalink / raw)
To: netfilter-devel
Otherwise, interval sets do not display element statement such as
counters.
Fixes: 6d80e0f15492 ("src: support for counter in set definition")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
src/segtree.c | 16 ++++++++++++++++
.../testcases/sets/0051set_interval_counter_0 | 19 +++++++++++++++++++
.../sets/dumps/0051set_interval_counter_0.nft | 13 +++++++++++++
3 files changed, 48 insertions(+)
create mode 100755 tests/shell/testcases/sets/0051set_interval_counter_0
create mode 100644 tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft
diff --git a/src/segtree.c b/src/segtree.c
index b6ca6083ea0b..c143a6a74a21 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -1027,6 +1027,10 @@ void interval_map_decompose(struct expr *set)
tmp->timeout = low->left->timeout;
if (low->left->expiration)
tmp->expiration = low->left->expiration;
+ if (low->left->stmt) {
+ tmp->stmt = low->left->stmt;
+ low->left->stmt = NULL;
+ }
tmp = mapping_expr_alloc(&tmp->location, tmp,
expr_clone(low->right));
@@ -1037,6 +1041,10 @@ void interval_map_decompose(struct expr *set)
tmp->timeout = low->timeout;
if (low->expiration)
tmp->expiration = low->expiration;
+ if (low->left->stmt) {
+ tmp->stmt = low->stmt;
+ low->stmt = NULL;
+ }
}
compound_expr_add(set, tmp);
@@ -1059,6 +1067,10 @@ void interval_map_decompose(struct expr *set)
prefix->timeout = low->left->timeout;
if (low->left->expiration)
prefix->expiration = low->left->expiration;
+ if (low->left->stmt) {
+ prefix->stmt = low->left->stmt;
+ low->left->stmt = NULL;
+ }
prefix = mapping_expr_alloc(&low->location, prefix,
expr_clone(low->right));
@@ -1069,6 +1081,10 @@ void interval_map_decompose(struct expr *set)
prefix->timeout = low->timeout;
if (low->expiration)
prefix->expiration = low->expiration;
+ if (low->stmt) {
+ prefix->stmt = low->stmt;
+ low->stmt = NULL;
+ }
}
compound_expr_add(set, prefix);
diff --git a/tests/shell/testcases/sets/0051set_interval_counter_0 b/tests/shell/testcases/sets/0051set_interval_counter_0
new file mode 100755
index 000000000000..ea90e264bfcc
--- /dev/null
+++ b/tests/shell/testcases/sets/0051set_interval_counter_0
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+ set s {
+ type ipv4_addr
+ flags interval
+ counter
+ elements = { 192.168.2.0/24 }
+ }
+
+ chain y {
+ type filter hook output priority filter; policy accept;
+ ip daddr @s
+ }
+}"
+
+$NFT -f - <<< "$EXPECTED"
diff --git a/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft
new file mode 100644
index 000000000000..fd488a76432f
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft
@@ -0,0 +1,13 @@
+table ip x {
+ set s {
+ type ipv4_addr
+ flags interval
+ counter
+ elements = { 192.168.2.0/24 counter packets 0 bytes 0 }
+ }
+
+ chain y {
+ type filter hook output priority filter; policy accept;
+ ip daddr @s
+ }
+}
--
2.20.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2020-07-06 11:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-07-06 11:17 [PATCH nft] segtree: zap element statement when decomposing interval Pablo Neira Ayuso
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).