evaluate: move interval flag compat check after set key evaluation

Without this, included bogon asserts with: BUG: unhandled key type 13 nft: src/intervals.c:73: setelem_expr_to_range: Assertion `0' failed. ... because we no longer evaluate set->key/data. Move the check to the tail of the function, right before assiging set->existing_set, so that set->key has been evaluated. Fixes: ceab53cee499 ("evaluate: don't allow merging interval set/map with non-interval one") Signed-off-by: Florian Westphal <fw@strlen.de> Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Florian Westphal <fw@strlen.de> 2025-03-17 12:56:36 +0100
committer: Florian Westphal <fw@strlen.de> 2025-03-18 14:25:31 +0100
commit: 3e50cd6b063d64c2e72b0e32bc36dd5a22f75c06 (patch)
tree: da5112bee769a78ee0ad0aed264efdafc5f294e5 /tests/shell/testcases
parent: ceab53cee4999debd64ab29414b918746209ba7b (diff)
1 files changed, 13 insertions, 0 deletions
diff --git a/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_2_assert b/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_2_assert
new file mode 100644
index 00000000..56f541a6
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_2_assert
@@ -0,0 +1,13 @@
+table inet t {
+        map m2 {
+                typeof udp length . @ih,32,32 : verdict
+                elements = {
+                             1-10 . 0xa : drop }
+        }
+
+	map m2 {
+                typeof udp length . @ih,32,32 : verdict
+                flags interval
+                elements = { 20-80 . 0x14 : accept }
+        }
+}
author	Florian Westphal <fw@strlen.de>	2025-03-17 12:56:36 +0100
committer	Florian Westphal <fw@strlen.de>	2025-03-18 14:25:31 +0100
commit	3e50cd6b063d64c2e72b0e32bc36dd5a22f75c06 (patch)
tree	da5112bee769a78ee0ad0aed264efdafc5f294e5 /tests/shell/testcases
parent	ceab53cee4999debd64ab29414b918746209ba7b (diff)