]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8cdc78e)
evaluate: fix rule replacement with anon sets
authorFlorian Westphal <fw@strlen.de>
Sun, 19 Nov 2023 12:05:55 +0000 (13:05 +0100)
committerPablo Neira Ayuso <pablo@netfilter.org>
Tue, 21 Nov 2023 14:55:56 +0000 (15:55 +0100)
commit 256904b1ded6314974dddc75726149f7b19d33f4 upstream.

nft replace rule t c handle 3 'jhash ip protocol . ip saddr mod 170 vmap { 0-94 : goto wan1, 95-169 : goto wan2, 170-269 }"'
BUG: unhandled op 2
nft: src/evaluate.c:1748: interval_set_eval: Assertion `0' failed.

Fixes: 81e36530fcac ("src: replace interval segment tree overlap and automerge")
Reported-by: Tino Reichardt <milky-netfilter@mcmilk.de>
Signed-off-by: Florian Westphal <fw@strlen.de>
src/evaluate.c patch | blob | blame | history

diff --git a/src/evaluate.c b/src/evaluate.c
index fd7354e99cb35d2a51d6ccd0924a38c65c85afa5..bc27041621f1823e45955f15620f4f09515a7c75 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1571,6 +1571,7 @@ static int interval_set_eval(struct eval_ctx *ctx, struct set *set,
        switch (ctx->cmd->op) {
        case CMD_CREATE:
        case CMD_ADD:
+       case CMD_REPLACE:
        case CMD_INSERT:
                if (set->automerge) {
                        ret = set_automerge(ctx->msgs, ctx->cmd, set, init,
Mirror of git://git.netfilter.org/nftables