]> git.ipfire.org Git - thirdparty/nftables.git/commit
projects / thirdparty / nftables.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2674695) | patch
evaluate: check element key vs. set definition
authorFlorian Westphal <fw@strlen.de>
Thu, 26 Jun 2025 14:52:31 +0000 (16:52 +0200)
committerFlorian Westphal <fw@strlen.de>
Sun, 13 Jul 2025 12:53:00 +0000 (14:53 +0200)
commit7f4d7fef31bd282b8e37d6d401208535a1e74d17
tree84cbab3beeadf7e462a3965dac3ade0c21ff7567tree
parent26746952952bba8c19aebbd03a55decbc0d0c5fccommit | diff
evaluate: check element key vs. set definition

Included bogon asserts with:
 src/datatype.c:253: symbolic_constant_print: Assertion `expr->len / BITS_PER_BYTE <= sizeof(val)' failed.

Resolve this by validating that the set element key matches the set key
definition.

After this, loading the bogon file gives:
Error: Element mismatches set definition, expected concatenation of (IPv4 address, integer), not 'ICMP type'
elements = {redirect }
           ^^^^^^^^

Signed-off-by: Florian Westphal <fw@strlen.de>
src/evaluate.c diff | blob | blame | history
tests/shell/testcases/bogons/nft-f/symbolic_constant_print_assert [new file with mode: 0644] blob
Mirror of git://git.netfilter.org/nftables