diff options
-rw-r--r-- | src/evaluate.c | 10 | ||||
-rw-r--r-- | tests/shell/testcases/sets/dumps/set_eval_0.nft | 11 | ||||
-rwxr-xr-x | tests/shell/testcases/sets/set_eval_0 | 17 |
3 files changed, 34 insertions, 4 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 1447a4c2..82bf1311 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -4005,8 +4005,9 @@ static int setelem_evaluate(struct eval_ctx *ctx, struct cmd *cmd) cmd->elem.set = set_get(set); if (set_is_interval(ctx->set->flags) && - !(set->flags & NFT_SET_CONCAT)) - return interval_set_eval(ctx, ctx->set, cmd->expr); + !(set->flags & NFT_SET_CONCAT) && + interval_set_eval(ctx, ctx->set, cmd->expr) < 0) + return -1; ctx->set = NULL; @@ -4184,8 +4185,9 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set) } if (set_is_interval(ctx->set->flags) && - !(ctx->set->flags & NFT_SET_CONCAT)) - return interval_set_eval(ctx, ctx->set, set->init); + !(ctx->set->flags & NFT_SET_CONCAT) && + interval_set_eval(ctx, ctx->set, set->init) < 0) + return -1; ctx->set = NULL; diff --git a/tests/shell/testcases/sets/dumps/set_eval_0.nft b/tests/shell/testcases/sets/dumps/set_eval_0.nft new file mode 100644 index 00000000..a45462b8 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/set_eval_0.nft @@ -0,0 +1,11 @@ +table ip nat { + set set_with_interval { + type ipv4_addr + flags interval + } + + chain prerouting { + type nat hook prerouting priority dstnat; policy accept; + meta l4proto { tcp, udp } th dport 443 dnat to 10.0.0.1 + } +} diff --git a/tests/shell/testcases/sets/set_eval_0 b/tests/shell/testcases/sets/set_eval_0 new file mode 100755 index 00000000..82b6d3bc --- /dev/null +++ b/tests/shell/testcases/sets/set_eval_0 @@ -0,0 +1,17 @@ +#!/bin/bash + +set -e + +RULESET="table ip nat { + set set_with_interval { + type ipv4_addr + flags interval + } + + chain prerouting { + type nat hook prerouting priority dstnat; policy accept; + meta l4proto { tcp, udp } th dport 443 dnat to 10.0.0.1 + } +}" + +$NFT -f - <<< $RULESET |