diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-01 14:51:24 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-03 12:19:35 +0200 |
commit | 95629758a5ec36313d839f8545fef0dc220408d8 (patch) | |
tree | 87d41f7f29438af6b5ca75731282c22d0dc57a2b /include/fib.h | |
parent | 2e0ea44c99e466ea0bcb6aca5de95e2c7284f09c (diff) |
segtree: bogus range via get set element on existing elements
table ip x {
set y {
type inet_service
flags interval
elements = { 10, 20-30, 40, 50-60 }
}
}
# nft get element x y { 20-40 }
table ip x {
set y {
type inet_service
flags interval
elements = { 20-40 }
}
}
20 and 40 exist in the tree, but they are part of different ranges.
This patch adds a new get_set_decompose() function to validate that the
left and the right side of the range.
Reported-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include/fib.h')
0 files changed, 0 insertions, 0 deletions