ipset: add backport patch for IPv6 nftables ipset-translation
[openwrt/openwrt.git] / package / network / utils / ipset / patches / 0002-Fix-IPv6-sets-nftables-translation.patch
1 From 50ef784944c60cd291970c47e4b831ff7ef9c923 Mon Sep 17 00:00:00 2001
2 From: Pablo Neira Ayuso <pablo@netfilter.org>
3 Date: Mon, 28 Feb 2022 20:02:17 +0100
4 Subject: [PATCH] Fix IPv6 sets nftables translation
5
6 The parser assumes the set is an IPv4 ipset because IPSET_OPT_FAMILY is
7 not set.
8
9 # ipset-translate restore < ./ipset-mwan3_set_connected_ipv6.dump
10 add table inet global
11 add set inet global mwan3_connected_v6 { type ipv6_addr; flags interval; }
12 flush set inet global mwan3_connected_v6
13 ipset v7.15: Error in line 4: Syntax error: '64' is out of range 0-32
14
15 Remove ipset_xlate_type_get(), call ipset_xlate_set_get() instead to
16 obtain the set type and family.
17
18 Reported-by: Florian Eckert <fe@dev.tdt.de>
19 Fixes: 325af556cd3a ("add ipset to nftables translation infrastructure")
20 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
21 ---
22 lib/ipset.c | 24 ++++++++++--------------
23 tests/xlate/xlate.t | 2 ++
24 tests/xlate/xlate.t.nft | 2 ++
25 3 files changed, 14 insertions(+), 14 deletions(-)
26
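--- a/lib/ipset.c
+++ b/lib/ipset.c
@@ -949,18 +949,6 @@ ipset_xlate_set_get(struct ipset *ipset,
 return NULL;
 }
 
-static const struct ipset_type *ipset_xlate_type_get(struct ipset *ipset,
- const char *name)
-{
- const struct ipset_xlate_set *set;
-
- set = ipset_xlate_set_get(ipset, name);
- if (!set)
- return NULL;
-
- return set->type;
-}
-
 static int
 ipset_parser(struct ipset *ipset, int oargc, char *oargv[])
 {
@@ -1282,8 +1270,16 @@ ipset_parser(struct ipset *ipset, int oa
 if (!ipset->xlate) {
 type = ipset_type_get(session, cmd);
 } else {
- type = ipset_xlate_type_get(ipset, arg0);
- ipset_session_data_set(session, IPSET_OPT_TYPE, type);
+ const struct ipset_xlate_set *xlate_set;
+
+ xlate_set = ipset_xlate_set_get(ipset, arg0);
+ if (xlate_set) {
+ ipset_session_data_set(session, IPSET_OPT_TYPE,
+ xlate_set->type);
+ ipset_session_data_set(session, IPSET_OPT_FAMILY,
+ &xlate_set->family);
+ type = xlate_set->type;
+ }
 }
 if (type == NULL)
 return ipset->standard_error(ipset, p);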
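Review bot: In the translate branch of the second hunk, `type` is assigned only when `ipset_xlate_set_get()` finds the set, whereas the removed `ipset_xlate_type_get()` call always assigned it (NULL on a miss). The declaration of `type` lies outside the hunk, so unless it is initialised to NULL there, a command naming a set with no earlier `create` in the translated input reaches `if (type == NULL)` with an indeterminate or stale pointer, and the error return may be skipped. Closing the `if (xlate_set)` block with `} else { type = NULL; }` restores the old fail-closed behaviour. The body of `ipset_parser` starts and ends outside the hunk.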
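--- a/tests/xlate/xlate.t
+++ b/tests/xlate/xlate.t
@@ -53,3 +53,5 @@ create bp1 bitmap:port range 1-1024
 add bp1 22
 create bim1 bitmap:ip,mac range 1.1.1.0/24
 add bim1 1.1.1.1,aa:bb:cc:dd:ee:ff
+create hn6 hash:net family inet6
+add hn6 fe80::/64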
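--- a/tests/xlate/xlate.t.nft
+++ b/tests/xlate/xlate.t.nft
@@ -54,3 +54,5 @@ add set inet global bp1 { type inet_serv
 add element inet global bp1 { 22 }
 add set inet global bim1 { type ipv4_addr . ether_addr; }
 add element inet global bim1 { 1.1.1.1 . aa:bb:cc:dd:ee:ff }
+add set inet global hn6 { type ipv6_addr; flags interval; }
+add element inet global hn6 { fe80::/64 }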