diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-17 12:31:22 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-17 12:55:44 +0200 |
commit | 6340734d7034d2424d3a5e34c3042c97a63b8b2d (patch) | |
tree | edb70dcfcd9e1e8ec9cfc11efa5b513923643670 /doc/nft.txt | |
parent | b274c169014e71715f9333ee028c5a9304881919 (diff) |
evaluate: bogus bail out with raw expression from dynamic sets
The following ruleset that uses raw expressions:
table ip nftlb {
map persistency {
type inet_service : mark
size 65535
timeout 1h
elements = { 53 expires 59m55s864ms : 0x00000064, 80 expires 59m58s924ms : 0x00000065, 443 expires 59m56s220ms : 0x00000064 }
}
chain pre {
type filter hook prerouting priority filter; policy accept;
ip protocol { tcp, udp } update @persistencia { @th,0,16 : numgen inc mod 2 offset 100 }
}
}
bogusly bails out with:
/tmp/test:9:57-64: Error: datatype mismatch: expected internet network service, expression has type integer
ip protocol { tcp, udp } update @persistencia { @th,0,16 : numgen inc mod 2 offset 100 }
~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Fix the problem by evaluating expression basetype and length in this case.
Reported-by: Laura Garcia <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc/nft.txt')
0 files changed, 0 insertions, 0 deletions