From: Kevin Darbyshire-Bryant Date: Tue, 20 Sep 2022 14:16:37 +0000 (+0100) Subject: nftables: backport fix to interval based rules X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=582c098c0936b7f2083541017ef88921bf6d281b;p=openwrt%2Fstaging%2Fthess.git nftables: backport fix to interval based rules 'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4". Signed-off-by: Kevin Darbyshire-Bryant --- diff --git a/package/network/utils/nftables/Makefile b/package/network/utils/nftables/Makefile index fd53e3faa1..9691151c7b 100644 --- a/package/network/utils/nftables/Makefile +++ b/package/network/utils/nftables/Makefile @@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nftables PKG_VERSION:=1.0.5 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2 PKG_SOURCE_URL:=https://netfilter.org/projects/$(PKG_NAME)/files diff --git a/package/network/utils/nftables/patches/0001-fix-nft.patch b/package/network/utils/nftables/patches/0001-fix-nft.patch new file mode 100644 index 0000000000..2138e254e8 --- /dev/null +++ b/package/network/utils/nftables/patches/0001-fix-nft.patch @@ -0,0 +1,23 @@ +'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef' +works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4". + +Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge") +Signed-off-by: Florian Westphal +--- + src/evaluate.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/evaluate.c b/src/evaluate.c +index d9c9ca28a53a..edebd7bcd8ab 100644 +--- a/src/evaluate.c ++++ b/src/evaluate.c +@@ -1520,6 +1520,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set, + switch (ctx->cmd->op) { + case CMD_CREATE: + case CMD_ADD: ++ case CMD_INSERT: + if (set->automerge) { + ret = set_automerge(ctx->msgs, ctx->cmd, set, init, + ctx->nft->debug_mask); +-- +2.35.1