# nft add set filter test { type ipv4_addr; }
# nft filter input ip daddr vmap @test
Before:
<cmdline>:0:0-32: Error: Could not process rule: Invalid argument
filter input ip daddr vmap @test
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
After:
<cmdline>:1:28-32: Error: Expression is not a map
filter input ip daddr vmap @test
^^^^^
Signed-off-by: Patrick McHardy <kaber@xxxxxxxxx>
---
src/evaluate.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index d24d4cc..651465a 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -738,7 +738,8 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
case EXPR_SYMBOL:
if (expr_evaluate(ctx, &map->mappings) < 0)
return -1;
- if (map->mappings->ops->type != EXPR_SET_REF)
+ if (map->mappings->ops->type != EXPR_SET_REF ||
+ !(map->mappings->set->flags & NFT_SET_MAP))
return expr_error(ctx->msgs, map->mappings,
"Expression is not a map");
break;
--
2.1.0
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
