author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-16 13:49:08 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-18 09:40:20 +0200 |
commit | a5674886b45c9b3489aef8cc7435dd85afa9494a (patch) | |
tree | 476ff27ba9faacfa1e217f643ff87f143cea9208 /src/evaluate.c | |
parent | bd51f04f73bd585f6e3f9ed82a5db7d9640198b8 (diff) |
evaluate: unbreak verdict maps with implicit map with interval concatenations
Verdict maps in combination with interval concatenations are broken, e.g.
# nft add rule x y tcp dport . ip saddr vmap { 1025-65535 . 192.168.10.2 : accept }
Retrieve the concatenation field length and count from the map->map
expression that represents the key of the implicit map.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
-rw-r--r-- | src/evaluate.c | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index d220c8e3..77fb2459 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1564,6 +1564,14 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr) ctx->set = NULL; map = *expr; map->mappings->set->flags |= map->mappings->set->init->set_flags; + + if (map->mappings->set->flags & NFT_SET_INTERVAL && + map->map->etype == EXPR_CONCAT) { + memcpy(&map->mappings->set->desc.field_len, &map->map->field_len, + sizeof(map->mappings->set->desc.field_len)); + map->mappings->set->desc.field_count = map->map->field_count; + map->mappings->flags |= NFT_SET_CONCAT; + } break; case EXPR_SYMBOL: if (expr_evaluate(ctx, &map->mappings) < 0) |
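Review bot: in the last added line of the new block, NFT_SET_CONCAT is ORed into `map->mappings->flags`, whereas the condition above it tests `map->mappings->set->flags` and both desc assignments also go through `map->mappings->set`. NFT_SET_CONCAT is a set flag like NFT_SET_INTERVAL, so this looks like it was meant to be `map->mappings->set->flags |= NFT_SET_CONCAT;`. As written the flag is stored on map->mappings itself and the set is not marked as a concatenation. Second, the memcpy takes its length from the destination, `sizeof(map->mappings->set->desc.field_len)`, and reads that many bytes from `map->map->field_len`. That is only safe while the two arrays have the same size, so a compile-time assertion on the two sizes (or a short comment stating the invariant) would keep a later change to either struct from turning this into an out-of-bounds read. Minor: parentheses around `map->mappings->set->flags & NFT_SET_INTERVAL` would make the precedence against `&&` explicit.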