Unfortunately that does not seem to fix the problem using the flat notation. I
believe the same fix has to be applied to
cmd_evaluate_add()
as well.
case CMD_OBJ_SET:
ret = cache_update(ctx->nf_sock, ctx->cache, cmd->op,
ctx->msgs, ctx->debug_mask & NFT_DEBUG_NETLINK, ctx->octx);
if (ret < 0)
return ret;
+ expr_set_context(&ctx->ectx, NULL, 0);
handle_merge(&cmd->set->handle, &cmd->handle);
return set_evaluate(ctx, cmd->set);
--
S pozdravem,
David Fabian
Cluster Design, s.r.o.
Dne středa 18. dubna 2018 14:07:09 CEST jste napsal(a):
> David reported nft chokes on this:
> nft -f /tmp/A
> /tmp/A:9:22-45: Error: datatype mismatch, expected concatenation of (IPv4
> address, internet network service, IPv4 address), expression has type
> concatenation of (IPv4 address, internet network service) cat /tmp/A
> flush ruleset;
> table ip filter {
> set setA {
> type ipv4_addr . inet_service . ipv4_addr
> flags timeout
> }
> set setB {
> type ipv4_addr . inet_service
> flags timeout
> }
> }
>
> Problem is we leak set definition details of setA to setB via eval
> context, so reset this.
>
> Also add test case for this.
>
> Reported-by: David Fabian <david.fabian@xxxxxxxxx>
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
> src/evaluate.c | 1 +
> tests/shell/testcases/sets/0032restore_set_simple_0 | 6 ++++++
> tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft | 11
> +++++++++++ 3 files changed, 18 insertions(+)
> create mode 100755 tests/shell/testcases/sets/0032restore_set_simple_0
> create mode 100644
> tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft
>
> diff --git a/src/evaluate.c b/src/evaluate.c
> index db63494ce2f3..aee5b1c15c7a 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -2974,6 +2974,7 @@ static int table_evaluate(struct eval_ctx *ctx, struct
> table *table)
>
> ctx->table = table;
> list_for_each_entry(set, &table->sets, list) {
> + expr_set_context(&ctx->ectx, NULL, 0);
> handle_merge(&set->handle, &table->handle);
> if (set_evaluate(ctx, set) < 0)
> return -1;
> diff --git a/tests/shell/testcases/sets/0032restore_set_simple_0
> b/tests/shell/testcases/sets/0032restore_set_simple_0 new file mode 100755
> index 000000000000..07820b7c4fdd
> --- /dev/null
> +++ b/tests/shell/testcases/sets/0032restore_set_simple_0
> @@ -0,0 +1,6 @@
> +#!/bin/bash
> +
> +set -e
> +dumpfile=$(dirname $0)/dumps/$(basename $0).nft
> +
> +$NFT -f "$dumpfile"
> diff --git a/tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft
> b/tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft new file
> mode 100644
> index 000000000000..86c55491b277
> --- /dev/null
> +++ b/tests/shell/testcases/sets/dumps/0032restore_set_simple_0.nft
> @@ -0,0 +1,11 @@
> +table ip filter {
> + set setA {
> + type ipv4_addr . inet_service . ipv4_addr
> + flags timeout
> + }
> +
> + set setB {
> + type ipv4_addr . inet_service
> + flags timeout
> + }
> +}
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
