From 04a1ddc2012964c0a00350973328f5954887cedb Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Mon, 13 Nov 2023 14:39:23 +0100
Subject: src: expand create commands

create commands also need to be expanded, otherwise elements are never
evaluated:

 # cat ruleset.nft
 define ip-block-4 = { 1.1.1.1 }
 create set netdev filter ip-block-4-test {
        type ipv4_addr
	flags interval
	auto-merge
	elements = $ip-block-4
 }
 # nft -f ruleset.nft
 BUG: unhandled expression type 0
 nft: src/intervals.c:211: interval_expr_key: Assertion `0' failed.
 Aborted

Same applies to chains in the form of:

 create chain x y {
	counter
 }

which is also accepted by the parser.

Update tests/shell to improve coverage for these use cases.

Fixes: 56c90a2dd2eb ("evaluate: expand sets and maps before evaluation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 tests/shell/testcases/sets/dumps/0049set_define_0.nft | 7 +++++++
 1 file changed, 7 insertions(+)

(limited to 'tests/shell/testcases/sets/dumps/0049set_define_0.nft')

diff --git a/tests/shell/testcases/sets/dumps/0049set_define_0.nft b/tests/shell/testcases/sets/dumps/0049set_define_0.nft
index 998b387a..d654420c 100644
--- a/tests/shell/testcases/sets/dumps/0049set_define_0.nft
+++ b/tests/shell/testcases/sets/dumps/0049set_define_0.nft
@@ -1,4 +1,11 @@
 table inet filter {
+	set ip-block-4-test {
+		type ipv4_addr
+		flags interval
+		auto-merge
+		elements = { 1.1.1.1 }
+	}
+
 	chain input {
 		type filter hook input priority filter; policy drop;
 		tcp dport { 22, 80, 443 } ct state new counter packets 0 bytes 0 accept
-- 
cgit v1.2.3