summaryrefslogtreecommitdiffstats
path: root/doc
diff options
context:
space:
mode:
authorPablo Neira Ayuso <pablo@netfilter.org>2018-10-17 12:31:22 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2018-10-17 12:55:44 +0200
commit6340734d7034d2424d3a5e34c3042c97a63b8b2d (patch)
treeedb70dcfcd9e1e8ec9cfc11efa5b513923643670 /doc
parentb274c169014e71715f9333ee028c5a9304881919 (diff)
evaluate: bogus bail out with raw expression from dynamic sets
The following ruleset that uses raw expressions: table ip nftlb { map persistency { type inet_service : mark size 65535 timeout 1h elements = { 53 expires 59m55s864ms : 0x00000064, 80 expires 59m58s924ms : 0x00000065, 443 expires 59m56s220ms : 0x00000064 } } chain pre { type filter hook prerouting priority filter; policy accept; ip protocol { tcp, udp } update @persistencia { @th,0,16 : numgen inc mod 2 offset 100 } } } bogusly bails out with: /tmp/test:9:57-64: Error: datatype mismatch: expected internet network service, expression has type integer ip protocol { tcp, udp } update @persistencia { @th,0,16 : numgen inc mod 2 offset 100 } ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Fix the problem by evaluating expression basetype and length in this case. Reported-by: Laura Garcia <nevola@gmail.com> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'doc')
0 files changed, 0 insertions, 0 deletions