diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-05-07 19:30:46 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-05-10 08:05:50 +0200 |
commit | aceea86de797bcc315d3e759a44b97cbfb724435 (patch) | |
tree | ea05149c15af3661b0b543608bcd9927c5b30756 /src | |
parent | 0583bac241ea18c9d7f61cb20ca04faa1e043b78 (diff) |
evaluate: allow stateful statements with anonymous verdict maps
Evaluation fails to accept stateful statements in verdict maps, relax
the following check for anonymous sets:
test.nft:4:29-35: Error: missing statement in map declaration
ip saddr vmap { 127.0.0.1 counter : drop, * counter : accept }
^^^^^^^
The existing code generates correctly the counter in the anonymous
verdict map.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index a1c3895c..bc8f437e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1604,7 +1604,8 @@ static int __expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr *elem) "but element has %d", num_set_exprs, num_elem_exprs); } else if (num_set_exprs == 0) { - if (!(set->flags & NFT_SET_EVAL)) { + if (!(set->flags & NFT_SET_ANONYMOUS) && + !(set->flags & NFT_SET_EVAL)) { elem_stmt = list_first_entry(&elem->stmt_list, struct stmt, list); return stmt_error(ctx, elem_stmt, "missing statement in %s declaration", |