author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-25 19:18:28 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-25 20:14:42 +0200 |
commit | a3fdb7bb924e1988ce4f90e2773cc78335afb15b (patch) | |
tree | aaab12cfd12ffbb4cdf225ed9f6549f41ef7e056 | |
parent | b849b0dfd9f3aecff5617bc60d5852ef36c3d494 (diff) |
evaluate: do not pass EXPR_SET_ELEM to stmt_evaluate_arg() for set/map evaluation
Otherwise, we cannot validate mismatching length size when combining raw
expressions with sets and maps, eg.
# cat /tmp/test
table ip nftlb {
map persistency {
type ipv4_addr : mark
size 65535
timeout 1h
}
chain pre {
type filter hook prerouting priority filter; policy accept;
ip protocol { tcp, udp } update @persistency { @th,0,16 : numgen inc mod 2 offset 100 }
}
}
# nft -f /tmp/test
/tmp/test:10:68-75: Error: datatype mismatch: expected IPv4 address, expression has type integer with length 16
ip protocol { tcp, udp } update @persistency { @th,0,16 : numgen inc mod 2 offset 100 }
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pass the inner expression instead of the wrapping set element
expression.
Fixes: 0e90798e9812 ("src: simplify map statement")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 66e9293f..dbeedc95 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2733,7 +2733,7 @@ static int stmt_evaluate_set(struct eval_ctx *ctx, struct stmt *stmt)
 stmt->set.set->set->key->dtype,
 stmt->set.set->set->key->len,
 stmt->set.set->set->key->byteorder,
- &stmt->set.key) < 0)
+ &stmt->set.key->key) < 0)
 return -1;
 if (expr_is_constant(stmt->set.key))
 return expr_error(ctx->msgs, stmt->set.key,
@@ -2765,7 +2765,7 @@ static int stmt_evaluate_map(struct eval_ctx *ctx, struct stmt *stmt)
 stmt->map.set->set->key->dtype,
 stmt->map.set->set->key->len,
 stmt->map.set->set->key->byteorder,
- &stmt->map.key) < 0)
+ &stmt->map.key->key) < 0)
 return -1;
 if (expr_is_constant(stmt->map.key))
 return expr_error(ctx->msgs, stmt->map.key,
 |
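Review bot: In both hunks (stmt_evaluate_set and stmt_evaluate_map) the new argument `&stmt->set.key->key` / `&stmt->map.key->key` dereferences the key as a set element wrapper with no visible check, while the following `expr_is_constant()` test still inspects the wrapper that this call no longer evaluates. If the wrapper's flags, dtype and len are not kept in sync with the inner expression somewhere outside these hunks, the constant-key rejection could act on stale values, so that is worth confirming. I would add a comment above each call, for example `/* key is expected to be EXPR_SET_ELEM here; evaluate the inner expression so a key length mismatch is rejected */`. The ruleset from the commit message would also make a good regression test, since the diffstat shows only src/evaluate.c changed. Both function bodies start and end outside the hunks.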