diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-12 16:41:59 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2016-07-12 17:07:03 +0200 |
commit | 7ed4f4072372c65462b20b69b659a3790bf57f54 (patch) | |
tree | 5ff1296ae1eeb256ed8345464dcbbe30e2ffd2d0 /src/payload.c | |
parent | 82dfc87c85f00acfa0d46369ae3f66c26a93f502 (diff) |
parser_bison: restore parsing of dynamic set element updates
Add a new set_elem_expr_stmt production to handle dynamic set element
updates from rules.
Quickly tested this here through:
# nft add table filter
# nft add chain filter input { type filter hook input priority 0\; }
# nft add set filter myset { type inet_service\; flags timeout\; }
# nft add rule filter input set add tcp sport timeout 60s @myset
# nft list ruleset
table ip filter {
set myset {
type inet_service
flags timeout
elements = { http expires 9s}
}
chain input {
type filter hook input priority 0; policy accept;
set add tcp dport timeout 1m @myset
}
}
Fixes: a3e60492a684 ("parser: restrict relational rhs expression recursion")
Reported-by: Anders K. Pedersen <akp@akp.dk>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/payload.c')
0 files changed, 0 insertions, 0 deletions