This patch adds a lazy check to validate that the first element is not a concatenation. The segtree code does not support for concatenations, bail out with EOPNOTSUPP. # nft add element x y { 10.0.0.0/8 . 192.168.1.3-192.168.1.9 . 1024-65535 } Error: Could not process rule: Operation not supported add element x y { 10.0.0.0/8 . 192.168.1.3-192.168.1.9 . 1024-65535 } ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Otherwise, the segtree code barfs with: BUG: invalid range expression type concat Reported-by: Florian Westphal <fw@xxxxxxxxx> Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/segtree.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/segtree.c b/src/segtree.c
index 8d79332d8578..85310f62c429 100644
--- a/src/segtree.c
+++ b/src/segtree.c
@@ -419,6 +419,17 @@ static int set_to_segtree(struct list_head *msgs, struct set *set,
 unsigned int n;
 int err;
 
+ /* Probe for the first element to check for concatenations, this code
+ * does not support for intervals and concatenations.
+ */
+ if (init) {
+ i = list_first_entry(&init->expressions, struct expr, list);
+ if (i->key->etype == EXPR_CONCAT) {
+ errno = EOPNOTSUPP;
+ return -1;
+ }
+ }
+
 /* We are updating an existing set with new elements, check if the new
 * interval overlaps with any of the existing ones.
 */
-- 
2.11.0
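Review bot: The probe calls `list_first_entry(&init->expressions, struct expr, list)` guarded only by `if (init)`, so if the expression list can be empty at this point the macro yields a pointer computed from the list head rather than a real element, and `i->key->etype` then reads through it. Guarding with `if (init && !list_empty(&init->expressions)) {` would make the probe safe; whether an empty list can actually reach here is not visible, because set_to_segtree starts and continues outside the hunk. Only the first element is inspected, so a concatenation appearing in a later element would presumably still reach the `BUG: invalid range expression type concat` path quoted in the commit message. The added comment would also read more clearly as `this code does not support intervals combined with concatenations`.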