Otherwise, we cannot validate mismatching length size when combining raw
expressions with sets and maps, eg.
# cat /tmp/test
table ip nftlb {
map persistency {
type ipv4_addr : mark
size 65535
timeout 1h
}
chain pre {
type filter hook prerouting priority filter; policy accept;
ip protocol { tcp, udp } update @persistency { @th,0,16 : numgen
inc mod 2 offset 100 }
}
}
# nft -f /tmp/test
/tmp/test:10:68-75: Error: datatype mismatch: expected IPv4 address,
expression has type integer with length 16
ip protocol { tcp, udp } update @persistency { @th,0,16 :
numgen inc mod 2 offset 100 }
~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Pass inner expression instead, instead of the wrapping set element
expression.
Signed-off-by: Pablo Neira Ayuso <pa...@netfilter.org>
---
src/evaluate.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 66e9293fd4ca..dbeedc959347 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2733,7 +2733,7 @@ static int stmt_evaluate_set(struct eval_ctx *ctx, struct
stmt *stmt)
stmt->set.set->set->key->dtype,
stmt->set.set->set->key->len,
stmt->set.set->set->key->byteorder,
- &stmt->set.key) < 0)
+ &stmt->set.key->key) < 0)
return -1;
if (expr_is_constant(stmt->set.key))
return expr_error(ctx->msgs, stmt->set.key,
@@ -2765,7 +2765,7 @@ static int stmt_evaluate_map(struct eval_ctx *ctx, struct
stmt *stmt)
stmt->map.set->set->key->dtype,
stmt->map.set->set->key->len,
stmt->map.set->set->key->byteorder,
- &stmt->map.key) < 0)
+ &stmt->map.key->key) < 0)
return -1;
if (expr_is_constant(stmt->map.key))
return expr_error(ctx->msgs, stmt->map.key,
--
2.11.0
