evaluate: set: Allow for set elems to be sets

Recursive use of sets is handled in parts by parser_bison.y, which
has a rule for inline unnamed sets in set_list_member_expr, e.g. like
this:

| add rule ip saddr { { 1.1.1.0, 2.2.2.0 }, 3.3.3.0 }

Yet there is another way to have an unnamed set inline, which is via
define:

| define myset = {
| 	1.1.1.0,
| 	2.2.2.0,
| }
| add rule ip saddr { $myset, 3.3.3.0 }

This didn't work because the inline set comes in as EXPR_SET_ELEM with
EXPR_SET as key. This patch handles that case by replacing the former by
a copy of the latter, so the following set list merging can take place.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 9 insertions, 0 deletions

diff --git a/src/evaluate.c b/src/evaluate.c
index 8fb716c0..86ff8ebd 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1132,6 +1132,15 @@ static int expr_evaluate_set(struct eval_ctx *ctx, struct expr **expr)
 			return expr_error(ctx->msgs, i,
 					  "Set reference cannot be part of another set");
 
+		if (i->ops->type == EXPR_SET_ELEM &&
+		    i->key->ops->type == EXPR_SET) {
+			struct expr *new = expr_clone(i->key);
+
+			list_replace(&i->list, &new->list);
+			expr_free(i);
+			i = new;
+		}
+
 		if (!expr_is_constant(i))
 			return expr_error(ctx->msgs, i,
 					  "Set member is not constant");