From patchwork Tue Mar 27 07:41:14 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Florian Westphal X-Patchwork-Id: 891407 X-Patchwork-Delegate: pablo@netfilter.org Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netfilter-devel-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=strlen.de Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 409NHR6T82z9s0m for ; Tue, 27 Mar 2018 18:41:23 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1750937AbeC0HlX (ORCPT ); Tue, 27 Mar 2018 03:41:23 -0400 Received: from Chamillionaire.breakpoint.cc ([146.0.238.67]:46020 "EHLO Chamillionaire.breakpoint.cc" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750907AbeC0HlW (ORCPT ); Tue, 27 Mar 2018 03:41:22 -0400 Received: from fw by Chamillionaire.breakpoint.cc with local (Exim 4.84_2) (envelope-from ) id 1f0jEP-00087F-2J; Tue, 27 Mar 2018 09:41:21 +0200 From: Florian Westphal To: netfilter-devel@vger.kernel.org Cc: Florian Westphal Subject: [PATCH nft] src: avoid errouneous assert with map+concat Date: Tue, 27 Mar 2018 09:41:14 +0200 Message-Id: <20180327074114.8483-1-fw@strlen.de> X-Mailer: git-send-email 2.14.3 Sender: netfilter-devel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netfilter-devel@vger.kernel.org Phil reported following assert: add rule ip6 f o mark set ip6 saddr . ip6 daddr . tcp dport \ map { dead::beef . f00::. 22 : 1 } nft: netlink_linearize.c:655: netlink_gen_expr: Assertion `dreg < ctx->reg_low' failed. This happens because "mark set" will allocate one register (the dreg), but netlink_gen_concat_expr will populate a lot more register space if the concat expression strings a lot of expressions together. As the assert is useful pseudo-reserve the register space as per concat->len and undo after generating the expressions. Reported-by: Phil Sutter Signed-off-by: Florian Westphal --- src/netlink_linearize.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 1c06fc0..716e962 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -241,6 +241,7 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx, const struct expr *expr, enum nft_registers dreg) { + int dreg_low = ctx->reg_low; struct nftnl_expr *nle; enum nft_registers sreg; @@ -251,7 +252,10 @@ static void netlink_gen_map(struct netlink_linearize_ctx *ctx, else sreg = dreg; + /* suppress assert in netlink_gen_expr */ + ctx->reg_low += netlink_register_space(expr->map->len); netlink_gen_expr(ctx, expr->map, sreg); + ctx->reg_low = dreg_low; nle = alloc_nft_expr("lookup"); netlink_put_register(nle, NFTNL_EXPR_LOOKUP_SREG, sreg);