evaluate: allow stateful statements with anonymous verdict maps

Evaluation fails to accept stateful statements in verdict maps, relax the following check for anonymous sets: test.nft:4:29-35: Error: missing statement in map declaration ip saddr vmap { 127.0.0.1 counter : drop, * counter : accept } ^^^^^^^ The existing code generates correctly the counter in the anonymous verdict map. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2023-05-07 19:30:46 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2023-05-10 08:05:50 +0200
commit: aceea86de797bcc315d3e759a44b97cbfb724435 (patch)
tree: ea05149c15af3661b0b543608bcd9927c5b30756 /src/evaluate.c
parent: 0583bac241ea18c9d7f61cb20ca04faa1e043b78 (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index a1c3895c..bc8f437e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1604,7 +1604,8 @@ static int __expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr *elem)
 					  "but element has %d", num_set_exprs,
 					  num_elem_exprs);
 		} else if (num_set_exprs == 0) {
-			if (!(set->flags & NFT_SET_EVAL)) {
+			if (!(set->flags & NFT_SET_ANONYMOUS) &&
+			    !(set->flags & NFT_SET_EVAL)) {
 				elem_stmt = list_first_entry(&elem->stmt_list, struct stmt, list);
 				return stmt_error(ctx, elem_stmt,
 						  "missing statement in %s declaration",
author	Pablo Neira Ayuso <pablo@netfilter.org>	2023-05-07 19:30:46 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2023-05-10 08:05:50 +0200
commit	aceea86de797bcc315d3e759a44b97cbfb724435 (patch)
tree	ea05149c15af3661b0b543608bcd9927c5b30756 /src/evaluate.c
parent	0583bac241ea18c9d7f61cb20ca04faa1e043b78 (diff)