git.ipfire.org Git - thirdparty/nftables.git/commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 11 Jun 2021 16:51:08 +0000 (18:51 +0200)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 11 Jun 2021 17:55:46 +0000 (19:55 +0200)
commit	bbcc5eda7e5880cf605ff470d5830dfae5da925b
tree	2f76688c818ba40c1a6867f445d0a2dc498d186a	tree \| snapshot
parent	d2fba515ff94b4a8fb507ac8ca4c45ed25371c47	commit \| diff

evaluate: restore interval + concatenation in anonymous set

Perform the table and set lookup only for non-anonymous sets, where the
incremental cache update is required.

The problem fixed by 7aa08d45031e ("evaluate: Perform set evaluation on
implicitly declared (anonymous) sets") resurrected after the cache
rework.

# nft add rule x y tcp sport . tcp dport vmap { ssh . 0-65535 : accept, 0-65535 . ssh : accept }
BUG: invalid range expression type concat
nft: expression.c:1422: range_expr_value_low: Assertion `0' failed.
Abort

Add a test case to make sure this does not happen again.

Fixes: 5ec5c706d993 ("cache: add hashtable cache for table")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/evaluate.c		diff \| blob \| blame \| history
tests/py/ip/ip.t		diff \| blob \| blame \| history
tests/py/ip/ip.t.payload		diff \| blob \| blame \| history
tests/py/ip/ip.t.payload.bridge		diff \| blob \| blame \| history
tests/py/ip/ip.t.payload.inet		diff \| blob \| blame \| history
tests/py/ip/ip.t.payload.netdev		diff \| blob \| blame \| history