From: Florian Westphal Date: Wed, 18 Apr 2018 12:07:09 +0000 (+0200) Subject: evaluate: reset eval context when evaluating set definitions X-Git-Tag: v0.8.4~20 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=edf64f6c65e1ebd31713ece236df3de8f7ace444;p=thirdparty%2Fnftables.git evaluate: reset eval context when evaluating set definitions David reported nft chokes on this: nft -f /tmp/A /tmp/A:9:22-45: Error: datatype mismatch, expected concatenation of (IPv4 address, internet network service, IPv4 address), expression has type concatenation of (IPv4 address, internet network service) cat /tmp/A flush ruleset; table ip filter { set setA { type ipv4_addr . inet_service . ipv4_addr flags timeout } set setB { type ipv4_addr . inet_service flags timeout } } Problem is we leak set definition details of setA to setB via eval context, so reset this. Also add test case for this. Reported-by: David Fabian Signed-off-by: Florian Westphal --- diff --git a/src/evaluate.c b/src/evaluate.c index db63494c..aee5b1c1 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2974,6 +2974,7 @@ static int table_evaluate(struct eval_ctx *ctx, struct table *table) ctx->table = table; list_for_each_entry(set, &table->sets, list) { + expr_set_context(&ctx->ectx, NULL, 0); handle_merge(&set->handle, &table->handle); if (set_evaluate(ctx, set) < 0) return -1; diff --git a/tests/shell/testcases/sets/0032restore_set_simple_0 b/tests/shell/testcases/sets/0032restore_set_simple_0 new file mode 100755 index 00000000..07820b7c --- /dev/null +++ b/tests/shell/testcases/sets/0032restore_set_simple_0 @@ -0,0 +1,6 @@ +#!/bin/bash + +set -e +dumpfile=$(dirname $0)/dumps/$(basename $0).nft + +$NFT -f "$dumpfile" diff --git a/tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft b/tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft new file mode 100644 index 00000000..86c55491 --- /dev/null +++ b/tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft 
@@ -0,0 +1,11 @@ +table ip filter { + set setA { + type ipv4_addr . inet_service . ipv4_addr + flags timeout + } + + set setB { + type ipv4_addr . inet_service + flags timeout + } +}
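Review bot: in the src/evaluate.c hunk, the added `expr_set_context(&ctx->ectx, NULL, 0);` has no comment and sits in the loop in table_evaluate() rather than inside set_evaluate(). A short comment saying that set definition details from the previous set must not carry over through ctx->ectx would stop the line from being removed later as apparently redundant. If set_evaluate() is reached from any path other than this loop, that path does not get the reset. Performing it at the top of set_evaluate() would cover every caller.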
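Review bot: in tests/shell/testcases/sets/0032restore_set_simple_0, `$0` is unquoted inside `$(dirname $0)` and `$(basename $0)`, so a checkout path containing whitespace is split into several arguments. Quote it as `dumpfile="$(dirname "$0")/dumps/$(basename "$0").nft"`. The script also checks only that `$NFT -f "$dumpfile"` exits with status zero. Comparing the output of `$NFT list ruleset` against the dump file afterwards would additionally check that setA and setB keep their distinct types once loaded.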