Fix generate empty sets
nekohasekai committed Jun 17, 2024
1 parent 1048b27 commit 086271e
Showing 1 changed file with 18 additions and 9 deletions.
27 changes: 18 additions & 9 deletions redirect_nftables_exprs.go
@@ -79,17 +79,9 @@ func nftablesCreateIPSet(
) (*nftables.Set, error) {
if len(prefixList) > 0 {
var builder netipx.IPSetBuilder
if appendDefault && len(setList) == 0 {
if family == nftables.TableFamilyIPv4 {
prefixList = append(prefixList, netip.PrefixFrom(netip.IPv4Unspecified(), 0))
} else {
prefixList = append(prefixList, netip.PrefixFrom(netip.IPv6Unspecified(), 0))
}
}
for _, prefix := range prefixList {
builder.AddPrefix(prefix)
}

ipSet, err := builder.IPSet()
if err != nil {
return nil, err
@@ -103,7 +95,7 @@ func nftablesCreateIPSet(
ipSets = append(ipSets, mySet)
rangeLen += len(mySet.rr)
}
setElements := make([]nftables.SetElement, 0, len(prefixList)+rangeLen)
setElements := make([]nftables.SetElement, 0, rangeLen)
for _, mySet := range ipSets {
for _, rr := range mySet.rr {
if (family == nftables.TableFamilyIPv4) != rr.from.Is4() {
@@ -122,6 +114,23 @@ func nftablesCreateIPSet(
})
}
}
if len(prefixList) == 0 && appendDefault {
if family == nftables.TableFamilyIPv4 {
setElements = append(setElements, nftables.SetElement{
Key: netip.IPv4Unspecified().AsSlice(),
}, nftables.SetElement{
Key: netip.IPv4Unspecified().AsSlice(),
IntervalEnd: true,
})
} else {
setElements = append(setElements, nftables.SetElement{
Key: netip.IPv6Unspecified().AsSlice(),
}, nftables.SetElement{
Key: netip.IPv6Unspecified().AsSlice(),
IntervalEnd: true,
})
}
}
var keyType nftables.SetDatatype
if family == nftables.TableFamilyIPv4 {
keyType = nftables.TypeIPAddr
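Review bot: The new default branch at `if len(prefixList) == 0 && appendDefault {` drops the `len(setList) == 0` condition that the removed block had, so the unspecified-address pair would also be appended when `prefixList` is empty but `ipSets` contributed ranges (assuming `ipSets` is filled from `setList`, which is outside the hunks). It also does not fire when `prefixList` is non-empty but every range is presumably skipped by the family check in the loop, which would still leave the set empty. If the goal is only to avoid submitting an empty set, `if len(setElements) == 0 && appendDefault {` would cover both cases. Since this set presumably decides which destinations the redirect rules match, a comment stating what the start/`IntervalEnd` pair on the same unspecified key is meant to match would help, e.g. `// placeholder interval so the set is never empty; matches <intended range>`. `nftablesCreateIPSet` starts and ends outside the visible hunks.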
