From 8aa3281b3c9db9e16f72c5b387ec02fa56da51f5 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Mon, 4 Jan 2021 21:24:47 +0100 Subject: src: set on flags to request multi-statement support Old kernel reject requests for element with multiple statements because userspace sets on the flags for multi-statements. Signed-off-by: Pablo Neira Ayuso --- src/evaluate.c | 8 ++++++++ src/netlink_linearize.c | 2 ++ 2 files changed, 10 insertions(+) (limited to 'src') diff --git a/src/evaluate.c b/src/evaluate.c index ab9357fa..38dbc33d 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3671,7 +3671,9 @@ static int set_key_data_error(struct eval_ctx *ctx, const struct set *set, static int set_evaluate(struct eval_ctx *ctx, struct set *set) { + unsigned int num_stmts = 0; struct table *table; + struct stmt *stmt; const char *type; table = table_lookup_global(ctx); @@ -3732,6 +3734,12 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set) if (set->timeout) set->flags |= NFT_SET_TIMEOUT; + list_for_each_entry(stmt, &set->stmt_list, list) + num_stmts++; + + if (num_stmts > 1) + set->flags |= NFT_SET_EXPR; + if (set_is_anonymous(set->flags)) return 0; diff --git a/src/netlink_linearize.c b/src/netlink_linearize.c index 09d0c61c..f1b3ff69 100644 --- a/src/netlink_linearize.c +++ b/src/netlink_linearize.c @@ -1429,6 +1429,8 @@ static void netlink_gen_set_stmt(struct netlink_linearize_ctx *ctx, nftnl_expr_add_expr(nle, NFTNL_EXPR_DYNSET_EXPRESSIONS, netlink_gen_stmt_stateful(this)); } + nftnl_expr_set_u32(nle, NFTNL_EXPR_DYNSET_FLAGS, + NFT_DYNSET_F_EXPR); } } -- cgit v1.2.3