diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-05-26 11:49:13 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2017-05-26 12:49:13 +0200 |
commit | 79ade4acce376bb24e17ee5c42ac9cc3063b1e6f (patch) | |
tree | 3ffb5a696d94bc2980ccb490dbb56ce3e971924b /src | |
parent | bb6a7f201a817652dd2c795539236c9319a23ad7 (diff) |
rule: adjust set expression size accordingly with intervals
For implicit sets, we have to call set_to_intervals() before we add the
set so we have the net size in elements.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/rule.c | 17 |
1 files changed, 11 insertions, 6 deletions
@@ -914,10 +914,6 @@ static int do_add_chain(struct netlink_ctx *ctx, const struct handle *h, static int __do_add_setelems(struct netlink_ctx *ctx, const struct handle *h, struct set *set, struct expr *expr, bool excl) { - if (set->flags & NFT_SET_INTERVAL && - set_to_intervals(ctx->msgs, set, expr, true) < 0) - return -1; - expr->set_flags |= set->flags; if (netlink_add_setelems(ctx, h, expr, excl) < 0) return -1; @@ -934,18 +930,27 @@ static int do_add_setelems(struct netlink_ctx *ctx, const struct handle *h, table = table_lookup(h); set = set_lookup(table, h->set); + if (set->flags & NFT_SET_INTERVAL && + set_to_intervals(ctx->msgs, set, init, true) < 0) + return -1; + return __do_add_setelems(ctx, h, set, init, excl); } static int do_add_set(struct netlink_ctx *ctx, const struct handle *h, struct set *set, bool excl) { + if (set->init != NULL) { + if (set->flags & NFT_SET_INTERVAL && + set_to_intervals(ctx->msgs, set, set->init, true) < 0) + return -1; + } if (netlink_add_set(ctx, h, set, excl) < 0) return -1; - if (set->init != NULL) + if (set->init != NULL) { return __do_add_setelems(ctx, &set->handle, set, set->init, false); - + } return 0; } |