The bison parser doesn't allow this to happen due to grammar
restrictions, but the json input has no such issues.
The bogon input assigns 'notrack' which triggers:
BUG: unknown stateful statement type 19
nft: src/netlink_linearize.c:1061: netlink_gen_stmt_stateful: Assertion `0' failed.
After patch, we get:
Error: map statement must be stateful
Fixes: 07958ec53830 ("json: add set statement list support")
Signed-off-by: Florian Westphal <fw@strlen.de>
Reviewed-by: Pablo Neira Ayuso <pablo@netfilter.org>
if (set->timeout)
set->flags |= NFT_SET_TIMEOUT;
- list_for_each_entry(stmt, &set->stmt_list, list)
+ list_for_each_entry(stmt, &set->stmt_list, list) {
+ if (stmt_evaluate_stateful(ctx, stmt,type) < 0)
+ return -1;
num_stmts++;
+ }
if (num_stmts > 1)
set->flags |= NFT_SET_EXPR;
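Review bot: Style, in the added call `stmt_evaluate_stateful(ctx, stmt,type)`: there is no space after the second comma, so it should read `stmt_evaluate_stateful(ctx, stmt, type)`. Separately, the new `return -1` sits after `set->flags |= NFT_SET_TIMEOUT` has already been applied, so on the error path the set is left with partially updated flags. That is harmless if the caller discards the set on failure, but moving the validation loop above the flag updates would make the function free of side effects when it rejects the input.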
--- /dev/null
+{
+ "nftables": [
+ {
+ "metainfo": {
+ "version": "VERSION",
+ "release_name": "RELEASE_NAME",
+ "json_schema_version": 1
+ }
+ },
+ {
+ "table": {
+ "family": "ip",
+ "name": "t",
+ "handle": 0
+ }
+ },
+ {
+ "map": {
+ "family": "ip",
+ "name": "m",
+ "table": "t",
+ "type": "ipv4_addr",
+ "handle": 0,
+ "map": "mark",
+ "stmt": [
+ {
+ "notrack": null
+ }
+ ]
+ }
+ }
+ ]
+}
+
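Review bot: Test coverage, at the `"stmt"` array: this bogon only exercises a map carrying `notrack`, so only the "map statement must be stateful" wording from the commit message is checked. The loop in the evaluation change walks `set->stmt_list`, so a second bogon that puts the same non-stateful statement on a plain set would cover the other value of the type string and catch a regression on that path. Minor: the file ends with an empty added line after the closing `}`, which can be dropped.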