From be7f6099feb7b5d34715b06f9308877cdcdc404a Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 28 Feb 2022 19:52:57 +0100 Subject: Fix IPv6 sets nftables translation The parser assumes the set is an IPv4 ipset because IPSET_OPT_FAMILY is not set. # ipset-translate restore < ./ipset-mwan3_set_connected_ipv6.dump add table inet global add set inet global mwan3_connected_v6 { type ipv6_addr; flags interval; } flush set inet global mwan3_connected_v6 ipset v7.15: Error in line 4: Syntax error: '64' is out of range 0-32 Remove ipset_xlate_type_get(), call ipset_xlate_set_get() instead to obtain the set type and family. Reported-by: Florian Eckert Fixes: 325af556cd3a ("add ipset to nftables translation infrastructure") Signed-off-by: Pablo Neira Ayuso --- lib/ipset.c | 24 ++++++++++-------------- 1 file changed, 10 insertions(+), 14 deletions(-) (limited to 'lib') diff --git a/lib/ipset.c b/lib/ipset.c index 73e67db..50f86ae 100644 --- a/lib/ipset.c +++ b/lib/ipset.c @@ -949,18 +949,6 @@ ipset_xlate_set_get(struct ipset *ipset, const char *name) return NULL; } -static const struct ipset_type *ipset_xlate_type_get(struct ipset *ipset, - const char *name) -{ - const struct ipset_xlate_set *set; - - set = ipset_xlate_set_get(ipset, name); - if (!set) - return NULL; - - return set->type; -} - static int ipset_parser(struct ipset *ipset, int oargc, char *oargv[]) { @@ -1282,8 +1270,16 @@ ipset_parser(struct ipset *ipset, int oargc, char *oargv[]) if (!ipset->xlate) { type = ipset_type_get(session, cmd); } else { - type = ipset_xlate_type_get(ipset, arg0); - ipset_session_data_set(session, IPSET_OPT_TYPE, type); + const struct ipset_xlate_set *xlate_set; + + xlate_set = ipset_xlate_set_get(ipset, arg0); + if (xlate_set) { + ipset_session_data_set(session, IPSET_OPT_TYPE, + xlate_set->type); + ipset_session_data_set(session, IPSET_OPT_FAMILY, + &xlate_set->family); + type = xlate_set->type; + } } if (type == NULL) return ipset->standard_error(ipset, p); -- cgit v1.2.1