git.ipfire.org Git - thirdparty/nftables.git/commit

author	Florian Westphal <fw@strlen.de>
	Wed, 24 May 2023 11:25:22 +0000 (13:25 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 22 Jan 2025 23:41:55 +0000 (00:41 +0100)
commit	05dda2dc5278d2654a213184d8e891ae09ad6def
tree	70222903d982aa6cd1a56cf09de34464364a975a	tree \| snapshot
parent	eda522887fa62e9ddd2015acb76463e8b6d0a321	commit \| diff

src: permit use of constant values in set lookup keys

commit b422b07ab2f96436001f33dfdfd937238033c799 upstream.

Something like:

Given: set s { type ipv4_addr . ipv4_addr . inet_service .. } something
like
add rule ip saddr . 1.2.3.4 . 80 @s goto c1

fails with: "Error: Can't parse symbolic invalid expressions".

This fails because the relational expression first evaluates
the left hand side, so when concat evaluation sees '1.2.3.4'
no key context is available.

Check if the RHS is a set reference, and, if so, evaluate
the right hand side.

This sets a pointer to the set key in the evaluation context
structure which then makes the concat evaluation step parse
1.2.3.4 and 80 as ipv4 address and 16bit port number.

On delinearization, extend relop postprocessing to
copy the datatype from the rhs (set reference, has
proper datatype according to set->key) to the lhs (concat
expression).

Signed-off-by: Florian Westphal <fw@strlen.de>

src/evaluate.c		diff \| blob \| blame \| history
src/netlink_delinearize.c		diff \| blob \| blame \| history
tests/shell/testcases/sets/dumps/type_set_symbol.nft	[new file with mode: 0644]	blob
tests/shell/testcases/sets/type_set_symbol	[new file with mode: 0755]	blob