evaluate: set: Allow for set elems to be sets

Recursive use of sets is handled in parts by parser_bison.y, which
has a rule for inline unnamed sets in set_list_member_expr, e.g. like
this:

| add rule ip saddr { { 1.1.1.0, 2.2.2.0 }, 3.3.3.0 }

Yet there is another way to have an unnamed set inline, which is via
define:

| define myset = {
| 	1.1.1.0,
| 	2.2.2.0,
| }
| add rule ip saddr { $myset, 3.3.3.0 }

This didn't work because the inline set comes in as EXPR_SET_ELEM with
EXPR_SET as key. This patch handles that case by replacing the former by
a copy of the latter, so the following set list merging can take place.

Signed-off-by: Phil Sutter <phil@nwl.cc>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 8fb716c062449897437d823d4af7e69ee8e9141f..86ff8ebd17629ffc1b94f757e3a5e9ef43893602 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1132,6 +1132,15 @@ static int expr_evaluate_set(struct eval_ctx *ctx, struct expr **expr)
                        return expr_error(ctx->msgs, i,
                                          "Set reference cannot be part of another set");
 
+               if (i->ops->type == EXPR_SET_ELEM &&
+                   i->key->ops->type == EXPR_SET) {
+                       struct expr *new = expr_clone(i->key);
+
+                       list_replace(&i->list, &new->list);
+                       expr_free(i);
+                       i = new;
+               }
+
                if (!expr_is_constant(i))
                        return expr_error(ctx->msgs, i,
                                          "Set member is not constant");