From 6340734d7034d2424d3a5e34c3042c97a63b8b2d Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 17 Oct 2018 12:31:22 +0200
Subject: evaluate: bogus bail out with raw expression from dynamic sets

The following ruleset that uses raw expressions:

 table ip nftlb {
        map persistency {
                type inet_service : mark
                size 65535
                timeout 1h
                elements = { 53 expires 59m55s864ms : 0x00000064, 80 expires 59m58s924ms : 0x00000065, 443 expires 59m56s220ms : 0x00000064 }
        }

        chain pre {
                type filter hook prerouting priority filter; policy accept;
                ip protocol { tcp, udp } update @persistencia { @th,0,16 : numgen inc mod 2 offset 100 }
        }
 }

bogusly bails out with:

 /tmp/test:9:57-64: Error: datatype mismatch: expected internet network service, expression has type integer
         ip protocol { tcp, udp } update @persistencia { @th,0,16 : numgen inc mod 2 offset 100 }
                                  ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Fix the problem by evaluating expression basetype and length in this case.

Reported-by: Laura Garcia <nevola@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/datatype.h | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'include/datatype.h')

diff --git a/include/datatype.h b/include/datatype.h
index eab505ba..f7092f06 100644
--- a/include/datatype.h
+++ b/include/datatype.h
@@ -171,6 +171,12 @@ static inline bool datatype_equal(const struct datatype *d1,
 	return d1->type == d2->type;
 }
 
+static inline const struct datatype *
+datatype_basetype(const struct datatype *dtype)
+{
+	return dtype->basetype ? dtype->basetype : dtype;
+}
+
 /**
  * struct symbolic_constant - symbol <-> constant mapping
  *
-- 
cgit v1.2.3