@@ -241,6 +241,7 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx,
const struct expr *expr,
enum nft_registers dreg)
{
+ int dreg_low = ctx->reg_low;
struct nftnl_expr *nle;
enum nft_registers sreg;
@@ -251,7 +252,10 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx,
else
sreg = dreg;
+ /* suppress assert in netlink_gen_expr */
+ ctx->reg_low += netlink_register_space(expr->map->len);
netlink_gen_expr(ctx, expr->map, sreg);
+ ctx->reg_low = dreg_low;
nle = alloc_nft_expr("lookup");
netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);
Phil reported following assert: add rule ip6 f o mark set ip6 saddr . ip6 daddr . tcp dport \ map { dead::beef . f00::. 22 : 1 } nft: netlink_linearize.c:655: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed. This happens because "mark set" will allocate one register (the dreg), but netlink_gen_concat_expr will populate a lot more register space if the concat expression strings a lot of expressions together. As the assert is useful pseudo-reserve the register space as per concat->len and undo after generating the expressions. Reported-by: Phil Sutter <phil@nwl.cc> Signed-off-by: Florian Westphal <fw@strlen.de> --- src/netlink_linearize.c | 4 ++++ 1 file changed, 4 insertions(+)