Included bogon asserts with: BUG: invalid data expression type range_value Pablo says: "Reject because flags interval is lacking". Make it so. Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/evaluate.c | 18 +++++++++++------- .../invalid_data_expr_type_range_value_assert | 12 ++++++++++++ 2 files changed, 23 insertions(+), 7 deletions(-) create mode 100644 tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert diff --git a/src/evaluate.c b/src/evaluate.c index 7fc210fd3b12..d59993dcdd4e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -5080,15 +5080,19 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set) return table_not_found(ctx); existing_set = set_cache_find(table, set->handle.set.name); - if (!existing_set) - set_cache_add(set_get(set), table); + if (existing_set) { + if (existing_set->flags & NFT_SET_EVAL) { + uint32_t existing_flags = existing_set->flags & ~NFT_SET_EVAL; + uint32_t new_flags = set->flags & ~NFT_SET_EVAL; - if (existing_set && existing_set->flags & NFT_SET_EVAL) { - uint32_t existing_flags = existing_set->flags & ~NFT_SET_EVAL; - uint32_t new_flags = set->flags & ~NFT_SET_EVAL; + if (existing_flags == new_flags) + set->flags |= NFT_SET_EVAL; + } - if (existing_flags == new_flags) - set->flags |= NFT_SET_EVAL; + if (set_is_interval(set->flags) && !set_is_interval(existing_set->flags)) + return set_error(ctx, set, "existing %s lacks interval flag", type); + } else { + set_cache_add(set_get(set), table); } } diff --git a/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert b/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert new file mode 100644 index 000000000000..4637a4f9b9df --- /dev/null +++ b/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert @@ -0,0 +1,12 @@ +table ip x { + map y { + type ipv4_addr : ipv4_addr + elements = { 1.168.0.4 } + } + + map y { + type ipv4_addr : ipv4_addr + flags interval + elements = { 10.141.3.0/24 : 192.8.0.3 } + } +} -- 2.45.3