evaluate: auto-merge is only available for singleton interval setsHEAD master

auto-merge is only available to interval sets with one value only, untoggle this flag for concatenation with intervals. Later, this can be hardened to reject it. Fixes: 30f667920601 ("src: add 'auto-merge' option to sets") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2025-02-20 17:55:15 +0100
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2025-02-21 23:23:16 +0100
commit: 65382b888e266e2e3d49a418073fd76dcc4815a7 (patch)
tree: 2380307f0ad84d20e6dc7f28401029e2e22e47e8
parent: 50741c52fe57fd09fa9cbd1a1626bfdd2f4115d8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 3cf58d85..ddc46754 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -5041,6 +5041,9 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
 		       sizeof(set->desc.field_len));
 		set->desc.field_count = set->key->field_count;
 		set->flags |= NFT_SET_CONCAT;
+
+		if (set->automerge)
+			set->automerge = false;
 	}
 
 	if (set_is_anonymous(set->flags) && set->key->etype == EXPR_CONCAT) {
author	Pablo Neira Ayuso <pablo@netfilter.org>	2025-02-20 17:55:15 +0100
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2025-02-21 23:23:16 +0100
commit	65382b888e266e2e3d49a418073fd76dcc4815a7 (patch)
tree	2380307f0ad84d20e6dc7f28401029e2e22e47e8
parent	50741c52fe57fd09fa9cbd1a1626bfdd2f4115d8 (diff)