git.ipfire.org Git - thirdparty/nftables.git/commit

]> git.ipfire.org Git - thirdparty/nftables.git/commit

projects / thirdparty / nftables.git / commit

author	Pablo Neira Ayuso <pablo@netfilter.org>
	Wed, 10 Jan 2024 18:05:35 +0000 (19:05 +0100)
committer	Pablo Neira Ayuso <pablo@netfilter.org>
	Fri, 12 Jan 2024 11:19:55 +0000 (12:19 +0100)
commit	98c51aaac42b6d180f198d3d2f5b3425ab63ad72
tree	8c6aff2499f1fb5a00a7ef5027fbc9bafd7636bd	tree
parent	955bb6d31c90453e43043346c917646ddc4e5c4e	commit \| diff

evaluate: bail out if anonymous concat set defines a non concat expression

Iterate over the element list in the anonymous set to validate that all
expressions are concatenations, otherwise bail out.

  ruleset.nft:3:46-53: Error: expression is not a concatenation
               ip protocol . th dport vmap { tcp / 22 : accept, tcp . 80 : drop}
                                             ^^^^^^^^

This is based on a patch from Florian Westphal.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

src/evaluate.c		diff \| blob \| blame \| history
tests/shell/testcases/bogons/nft-f/unhandled_key_type_13_assert	[new file with mode: 0644]	blob
tests/shell/testcases/bogons/nft-f/unhandled_key_type_13_assert_map	[new file with mode: 0644]	blob
tests/shell/testcases/bogons/nft-f/unhandled_key_type_13_assert_vmap	[new file with mode: 0644]	blob

Mirror of git://git.netfilter.org/nftables

RSS Atom