author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-01-04 21:24:47 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-01-04 21:24:47 +0100 |
commit | 8aa3281b3c9db9e16f72c5b387ec02fa56da51f5 (patch) | |
tree | c61b6d5b55c131597ca1448edfd832292e4a69bb /src | |
parent | 38a110874c006cc42b1a1e97f3cb082a33169c35 (diff) |
src: set on flags to request multi-statement support
Old kernels reject requests for elements with multiple statements because
userspace sets the flags for multi-statements.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src')
-rw-r--r-- | src/evaluate.c | 8 | ||||
-rw-r--r-- | src/netlink_linearize.c | 2 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index ab9357fa..38dbc33d 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3671,7 +3671,9 @@ static int set_key_data_error(struct eval_ctx *ctx, const struct set *set,
 static int set_evaluate(struct eval_ctx *ctx, struct set *set)
 {
+ unsigned int num_stmts = 0;
 struct table *table;
+ struct stmt *stmt;
 const char *type;
 table = table_lookup_global(ctx);
@@ -3732,6 +3734,12 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
 if (set->timeout)
 set->flags |= NFT_SET_TIMEOUT;
+ list_for_each_entry(stmt, &set->stmt_list, list)
+ num_stmts++;
+
+ if (num_stmts > 1)
+ set->flags |= NFT_SET_EXPR;
+
 if (set_is_anonymous(set->flags))
 return 0;
diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c
index 09d0c61c..f1b3ff69 100644
--- a/src/netlink_linearize.c
+++ b/src/netlink_linearize.c
@@ -1429,6 +1429,8 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx,
 nftnl_expr_add_expr(nle, NFTNL_EXPR_DYNSET_EXPRESSIONS,
 netlink_gen_stmt_stateful(this));
 }
+ nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_FLAGS,
+ NFT_DYNSET_F_EXPR);
 }
 }
|
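Review bot: In set_evaluate() in src/evaluate.c, the added `list_for_each_entry` loop and the `num_stmts > 1` test carry no comment saying why NFT_SET_EXPR is set only when a set has more than one statement, so a later reader could take the condition for an oversight. Going by the commit message, the flag is what makes a kernel without multi-statement support reject the set; presumably the aim is that such a set is refused rather than accepted without its extra statements, which matters when those statements enforce a limit or quota. I would add above the loop `/* More than one statement: set NFT_SET_EXPR so that kernels without multi-statement support reject the set. */`. The function body starts and ends outside this hunk, and the declarations of `num_stmts` and `stmt` are in the preceding hunk.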
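Review bot: In netlink_gen_set_stmt() in src/netlink_linearize.c, `nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_FLAGS, NFT_DYNSET_F_EXPR)` writes the whole flags attribute rather than adding one bit to it. The hunk does not show whether anything earlier in the function sets NFTNL_EXPR_DYNSET_FLAGS on `nle`; if it does, or if a later change emits another dynset flag, that value would be replaced here. A comment such as `/* only flag set on this expression; OR it in if another dynset flag is ever emitted */` would record the assumption. The function starts outside the hunk.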