evaluate: merge nested set flags

A set may contain a nested set element definition, merge the nested set flags so we don't hit: BUG: invalid data expression type range nft: netlink.c:400: netlink_gen_data: Assertion `0' failed. Aborted With the following example ruleset: define dnat_ports = { 1234-1567 } define port_allow = { 53, # dns $dnat_ports, # dnat } add rule x y tcp dport $port_allow accept Closes: https://bugzilla.netfilter.org/show_bug.cgi?id=1145 Fixes: a6b75b837f5e ("evaluate: set: Allow for set elems to be sets") Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2017-06-18 13:08:36 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2017-06-19 10:36:46 +0200
commit: bada2f9c182dddf72a6d3b7b00c9eace7eb596c3 (patch)
tree: a2e2a39bb20e288c1ff0d868826e6744c9e2e8dd /src
parent: fda79e96bcaa5fc927523b582bfc42c8ad22deca (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index cee99272..ec898033 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1150,6 +1150,7 @@ static int expr_evaluate_set(struct eval_ctx *ctx, struct expr **expr)
 		    i->key->ops->type == EXPR_SET) {
 			struct expr *new = expr_clone(i->key);
 
+			set->set_flags |= i->key->set_flags;
 			list_replace(&i->list, &new->list);
 			expr_free(i);
 			i = new;
author	Pablo Neira Ayuso <pablo@netfilter.org>	2017-06-18 13:08:36 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2017-06-19 10:36:46 +0200
commit	bada2f9c182dddf72a6d3b7b00c9eace7eb596c3 (patch)
tree	a2e2a39bb20e288c1ff0d868826e6744c9e2e8dd /src
parent	fda79e96bcaa5fc927523b582bfc42c8ad22deca (diff)