From 79ade4acce376bb24e17ee5c42ac9cc3063b1e6f Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Fri, 26 May 2017 11:49:13 +0100
Subject: rule: adjust set expression size accordingly with intervals

For implicit sets, we have to call set_to_intervals() before we add the
set so we have the net size in elements.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/rule.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/rule.c b/src/rule.c
index 5923bf64..0d9e393a 100644
--- a/src/rule.c
+++ b/src/rule.c
@@ -914,10 +914,6 @@ static int do_add_chain(struct netlink_ctx *ctx, const struct handle *h,
 static int __do_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
 			     struct set *set, struct expr *expr, bool excl)
 {
-	if (set->flags & NFT_SET_INTERVAL &&
-	    set_to_intervals(ctx->msgs, set, expr, true) < 0)
-		return -1;
-
 	expr->set_flags |= set->flags;
 	if (netlink_add_setelems(ctx, h, expr, excl) < 0)
 		return -1;
@@ -934,18 +930,27 @@ static int do_add_setelems(struct netlink_ctx *ctx, const struct handle *h,
 	table = table_lookup(h);
 	set = set_lookup(table, h->set);
 
+	if (set->flags & NFT_SET_INTERVAL &&
+	    set_to_intervals(ctx->msgs, set, init, true) < 0)
+		return -1;
+
 	return __do_add_setelems(ctx, h, set, init, excl);
 }
 
 static int do_add_set(struct netlink_ctx *ctx, const struct handle *h,
 		      struct set *set, bool excl)
 {
+	if (set->init != NULL) {
+		if (set->flags & NFT_SET_INTERVAL &&
+		    set_to_intervals(ctx->msgs, set, set->init, true) < 0)
+			return -1;
+	}
 	if (netlink_add_set(ctx, h, set, excl) < 0)
 		return -1;
-	if (set->init != NULL)
+	if (set->init != NULL) {
 		return __do_add_setelems(ctx, &set->handle, set, set->init,
 					 false);
-
+	}
 	return 0;
 }
 
-- 
cgit v1.2.3