diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-03-03 12:20:29 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-03-03 12:27:33 +0100 |
commit | 99eb46969f3d7ccd37899f2755055fe7511c46b0 (patch) | |
tree | 2257e10537fd5c8f7834cfb4483855f24fb849b3 /src/optimize.c | |
parent | e8f0fa21fd77ecc51faf39cefa3cccdb7d6a30cf (diff) |
optimize: fix vmap with anonymous sets
The following example ruleset crashes:
table inet a {
chain b {
tcp dport { 1 } accept
tcp dport 2-3 drop
}
}
because handling for EXPR_SET is missing.
Fixes: 1542082e259b ("optimize: merge same selector with different verdict into verdict map")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/optimize.c')
-rw-r--r-- | src/optimize.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/optimize.c b/src/optimize.c index 04523edb..64c0a4db 100644 --- a/src/optimize.c +++ b/src/optimize.c @@ -435,18 +435,22 @@ static void build_verdict_map(struct expr *expr, struct stmt *verdict, struct ex { struct expr *item, *elem, *mapping; - if (expr->etype == EXPR_LIST) { + switch (expr->etype) { + case EXPR_LIST: + case EXPR_SET: list_for_each_entry(item, &expr->expressions, list) { elem = set_elem_expr_alloc(&internal_location, expr_get(item)); mapping = mapping_expr_alloc(&internal_location, elem, expr_get(verdict->expr)); compound_expr_add(set, mapping); } - } else { + break; + default: elem = set_elem_expr_alloc(&internal_location, expr_get(expr)); mapping = mapping_expr_alloc(&internal_location, elem, expr_get(verdict->expr)); compound_expr_add(set, mapping); + break; } } |