]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 3baa28f) | patch
evaluate: reset eval context when evaluating set definitions
authorFlorian Westphal <fw@strlen.de>
Wed, 18 Apr 2018 12:07:09 +0000 (14:07 +0200)
committerFlorian Westphal <fw@strlen.de>
Wed, 18 Apr 2018 21:25:10 +0000 (23:25 +0200)
commitedf64f6c65e1ebd31713ece236df3de8f7ace444
tree1b208530cc47cc461bda5b2d8611298795110504tree | snapshot
parent3baa28f24b3d70a7ee17d584c113a2c4e057a565commit | diff
evaluate: reset eval context when evaluating set definitions

David reported nft chokes on this:
nft -f /tmp/A
/tmp/A:9:22-45: Error: datatype mismatch, expected concatenation of (IPv4 address, internet network service, IPv4 address), expression has type concatenation of (IPv4 address, internet network service)
cat /tmp/A
flush ruleset;
table ip filter {
set setA {
type ipv4_addr . inet_service . ipv4_addr
flags timeout
}
set setB {
type ipv4_addr . inet_service
flags timeout
}
}

Problem is we leak set definition details of setA to setB via eval
context, so reset this.

Also add test case for this.

Reported-by: David Fabian <david.fabian@bosson.cz>
Signed-off-by: Florian Westphal <fw@strlen.de>
src/evaluate.c diff | blob | blame | history
tests/shell/testcases/sets/0032restore_set_simple_0 [new file with mode: 0755] blob
tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables