nftables - nft command line tool

diff options

author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-10-25 16:00:50 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-10-26 10:59:54 +0200
commit	4b6a4ad9134fa71277c2ff7f92776e1faeb83000 (patch)
tree	5306431ce88fc574ff7117c2ea9bcf8321fbbce2 /include/nftables
parent	be2856fc2280014d331d33a520cb5f3f3d909611 (diff)

evaluate: reject set in concatenation

Consider the following ruleset. define ext_if = { "eth0", "eth1" } table ip filter { chain c { iifname . tcp dport { $ext_if . 22 } accept } } Attempting to load this ruleset results in: BUG: invalid expression type 'set' in setnft: netlink.c:304: __netlink_gen_concat_key: Assertion `0' failed. Aborted (core dumped) After this patch: # nft -f ruleset.nft ruleset.nft:1:17-40: Error: cannot use set in concatenation define ext_if = { "eth0", "eth1" } ^^^^^^^^^^^^^^^^^^ Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1715 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'include/nftables')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: