diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-25 19:18:28 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2018-10-25 20:14:42 +0200 |
commit | a3fdb7bb924e1988ce4f90e2773cc78335afb15b (patch) | |
tree | aaab12cfd12ffbb4cdf225ed9f6549f41ef7e056 /COPYING | |
parent | b849b0dfd9f3aecff5617bc60d5852ef36c3d494 (diff) |
evaluate: do not pass EXPR_SET_ELEM to stmt_evaluate_arg() for set/map evaluation
Otherwise, we cannot validate mismatching length size when combining raw
expressions with sets and maps, eg.
# cat /tmp/test
table ip nftlb {
map persistency {
type ipv4_addr : mark
size 65535
timeout 1h
}
chain pre {
type filter hook prerouting priority filter; policy accept;
ip protocol { tcp, udp } update @persistency { @th,0,16 : numgen inc mod 2 offset 100 }
}
}
# nft -f /tmp/test
/tmp/test:10:68-75: Error: datatype mismatch: expected IPv4 address, expression has type integer with length 16
ip protocol { tcp, udp } update @persistency { @th,0,16 : numgen inc mod 2 offset 100 }
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pass inner expression instead, instead of the wrapping set element
expression.
Fixes: 0e90798e9812 ("src: simplify map statement")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions