Included bogon asserts with:
BUG: invalid data expression type range_value
Pablo says: "Reject because flags interval is lacking".
Make it so.
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/evaluate.c | 18 +++++++++++-------
.../invalid_data_expr_type_range_value_assert | 12 ++++++++++++
2 files changed, 23 insertions(+), 7 deletions(-)
create mode 100644 tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert
diff --git a/src/evaluate.c b/src/evaluate.c
index 7fc210fd3b12..d59993dcdd4e 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -5080,15 +5080,19 @@ static int set_evaluate(struct eval_ctx *ctx, struct set *set)
return table_not_found(ctx);
existing_set = set_cache_find(table, set->handle.set.name);
- if (!existing_set)
- set_cache_add(set_get(set), table);
+ if (existing_set) {
+ if (existing_set->flags & NFT_SET_EVAL) {
+ uint32_t existing_flags = existing_set->flags & ~NFT_SET_EVAL;
+ uint32_t new_flags = set->flags & ~NFT_SET_EVAL;
- if (existing_set && existing_set->flags & NFT_SET_EVAL) {
- uint32_t existing_flags = existing_set->flags & ~NFT_SET_EVAL;
- uint32_t new_flags = set->flags & ~NFT_SET_EVAL;
+ if (existing_flags == new_flags)
+ set->flags |= NFT_SET_EVAL;
+ }
- if (existing_flags == new_flags)
- set->flags |= NFT_SET_EVAL;
+ if (set_is_interval(set->flags) && !set_is_interval(existing_set->flags))
+ return set_error(ctx, set, "existing %s lacks interval flag", type);
+ } else {
+ set_cache_add(set_get(set), table);
}
}
diff --git a/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert b/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert
new file mode 100644
index 000000000000..4637a4f9b9df
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/invalid_data_expr_type_range_value_assert
@@ -0,0 +1,12 @@
+table ip x {
+ map y {
+ type ipv4_addr : ipv4_addr
+ elements = { 1.168.0.4 }
+ }
+
+ map y {
+ type ipv4_addr : ipv4_addr
+ flags interval
+ elements = { 10.141.3.0/24 : 192.8.0.3 }
+ }
+}
--
2.45.3
