diff options
author | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2022-09-20 15:16:37 +0100 |
---|---|---|
committer | Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk> | 2022-09-26 18:02:15 +0100 |
commit | 582c098c0936b7f2083541017ef88921bf6d281b (patch) | |
tree | 0380691463b249e31a08521f61622be6cdeeff8c /package/network/utils | |
parent | dafa6630125ce92967792d177b02c38b8e64e293 (diff) | |
download | upstream-582c098c0936b7f2083541017ef88921bf6d281b.tar.gz upstream-582c098c0936b7f2083541017ef88921bf6d281b.tar.bz2 upstream-582c098c0936b7f2083541017ef88921bf6d281b.zip |
nftables: backport fix to interval based rules
'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 }
th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with
'nft add', but not 'nft insert', the latter yields:
"BUG: unhandled op 4".
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Diffstat (limited to 'package/network/utils')
-rw-r--r-- | package/network/utils/nftables/Makefile | 2 | ||||
-rw-r--r-- | package/network/utils/nftables/patches/0001-fix-nft.patch | 23 |
2 files changed, 24 insertions, 1 deletions
diff --git a/package/network/utils/nftables/Makefile b/package/network/utils/nftables/Makefile index fd53e3faa1..9691151c7b 100644 --- a/package/network/utils/nftables/Makefile +++ b/package/network/utils/nftables/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nftables PKG_VERSION:=1.0.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://netfilter.org/projects/$(PKG_NAME)/files diff --git a/package/network/utils/nftables/patches/0001-fix-nft.patch b/package/network/utils/nftables/patches/0001-fix-nft.patch new file mode 100644 index 0000000000..2138e254e8 --- /dev/null +++ b/package/network/utils/nftables/patches/0001-fix-nft.patch @@ -0,0 +1,23 @@ +'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef' +works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4". + +Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge") +Signed-off-by: Florian Westphal <fw@strlen.de> +--- + src/evaluate.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/evaluate.c b/src/evaluate.c +index d9c9ca28a53a..edebd7bcd8ab 100644 +--- a/src/evaluate.c ++++ b/src/evaluate.c +@@ -1520,6 +1520,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set, + switch (ctx->cmd->op) { + case CMD_CREATE: + case CMD_ADD: ++ case CMD_INSERT: + if (set->automerge) { + ret = set_automerge(ctx->msgs, ctx->cmd, set, init, + ctx->nft->debug_mask); +-- +2.35.1 |