diff mbox series

[nft] segtree: zap element statement when decomposing interval

Message ID 20200706111748.29601-1-pablo@netfilter.org
State Accepted
Delegated to: Pablo Neira
Headers show
Series [nft] segtree: zap element statement when decomposing interval | expand

Commit Message

Pablo Neira Ayuso July 6, 2020, 11:17 a.m. UTC 
Otherwise, interval sets do not display element statement such as
counters.

Fixes: 6d80e0f15492 ("src: support for counter in set definition")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/segtree.c                                 | 16 ++++++++++++++++
 .../testcases/sets/0051set_interval_counter_0 | 19 +++++++++++++++++++
 .../sets/dumps/0051set_interval_counter_0.nft | 13 +++++++++++++
 3 files changed, 48 insertions(+)
 create mode 100755 tests/shell/testcases/sets/0051set_interval_counter_0
 create mode 100644 tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft
diff mbox series

Patch

diff --git a/src/segtree.c b/src/segtree.c
index b6ca6083ea0b..c143a6a74a21 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -1027,6 +1027,10 @@  void interval_map_decompose(struct expr *set)
 					tmp->timeout = low->left->timeout;
 				if (low->left->expiration)
 					tmp->expiration = low->left->expiration;
+				if (low->left->stmt) {
+					tmp->stmt = low->left->stmt;
+					low->left->stmt = NULL;
+				}
 
 				tmp = mapping_expr_alloc(&tmp->location, tmp,
 							 expr_clone(low->right));
@@ -1037,6 +1041,10 @@  void interval_map_decompose(struct expr *set)
 					tmp->timeout = low->timeout;
 				if (low->expiration)
 					tmp->expiration = low->expiration;
+				if (low->left->stmt) {
+					tmp->stmt = low->stmt;
+					low->stmt = NULL;
+				}
 			}
 
 			compound_expr_add(set, tmp);
@@ -1059,6 +1067,10 @@  void interval_map_decompose(struct expr *set)
 					prefix->timeout = low->left->timeout;
 				if (low->left->expiration)
 					prefix->expiration = low->left->expiration;
+				if (low->left->stmt) {
+					prefix->stmt = low->left->stmt;
+					low->left->stmt = NULL;
+				}
 
 				prefix = mapping_expr_alloc(&low->location, prefix,
 							    expr_clone(low->right));
@@ -1069,6 +1081,10 @@  void interval_map_decompose(struct expr *set)
 					prefix->timeout = low->timeout;
 				if (low->expiration)
 					prefix->expiration = low->expiration;
+				if (low->stmt) {
+					prefix->stmt = low->stmt;
+					low->stmt = NULL;
+				}
 			}
 
 			compound_expr_add(set, prefix);
diff --git a/tests/shell/testcases/sets/0051set_interval_counter_0 b/tests/shell/testcases/sets/0051set_interval_counter_0
new file mode 100755
index 000000000000..ea90e264bfcc
--- /dev/null
+++ b/tests/shell/testcases/sets/0051set_interval_counter_0
@@ -0,0 +1,19 @@ 
+#!/bin/bash
+
+set -e
+
+EXPECTED="table ip x {
+	set s {
+		type ipv4_addr
+		flags interval
+		counter
+		elements = { 192.168.2.0/24 }
+	}
+
+	chain y {
+		type filter hook output priority filter; policy accept;
+		ip daddr @s
+	}
+}"
+
+$NFT -f - <<< "$EXPECTED"
diff --git a/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft
new file mode 100644
index 000000000000..fd488a76432f
--- /dev/null
+++ b/tests/shell/testcases/sets/dumps/0051set_interval_counter_0.nft
@@ -0,0 +1,13 @@ 
+table ip x {
+	set s {
+		type ipv4_addr
+		flags interval
+		counter
+		elements = { 192.168.2.0/24 counter packets 0 bytes 0 }
+	}
+
+	chain y {
+		type filter hook output priority filter; policy accept;
+		ip daddr @s
+	}
+}