nftables: backport fix to interval based rules

'rule inet dscpclassify dscp_match meta l4proto { udp } th dport { 3478 } th sport { 3478-3497, 16384-16387 } goto ct_set_ef' works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4". Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
2024-12-18 12:54:39 +00:00 · 2022-09-20 15:16:37 +01:00 · 2022-09-20 15:16:37 +01:00 · 582c098c09
commit 582c098c09
parent dafa663012
2 changed files with 24 additions and 1 deletions
--- a/package/network/utils/nftables/Makefile
+++ b/package/network/utils/nftables/Makefile
@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=nftables
 PKG_VERSION:=1.0.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL:=https://netfilter.org/projects/$(PKG_NAME)/files
--- a/package/network/utils/nftables/patches/0001-fix-nft.patch
+++ b/package/network/utils/nftables/patches/0001-fix-nft.patch
@ -0,0 +1,23 @@
+'rule inet dscpclassify dscp_match  meta l4proto { udp }  th dport { 3478 }  th sport { 3478-3497, 16384-16387 } goto ct_set_ef'
+works with 'nft add', but not 'nft insert', the latter yields: "BUG: unhandled op 4".
+
+Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
+Signed-off-by: Florian Westphal <fw@strlen.de>
+---
+ src/evaluate.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/evaluate.c b/src/evaluate.c
+index d9c9ca28a53a..edebd7bcd8ab 100644
+--- a/src/evaluate.c
+++ b/src/evaluate.c
+@@ -1520,6 +1520,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set,
+ 	switch (ctx->cmd->op) {
+ 	case CMD_CREATE:
+ 	case CMD_ADD:
+	case CMD_INSERT:
+ 		if (set->automerge) {
+ 			ret = set_automerge(ctx->msgs, ctx->cmd, set, init,
+ 					    ctx->nft->debug_mask);
+-- 
+2.35.1