[PATCH nft 7/7] evaluate: bail out on prefix or range to non-interval set

If you declare a set with no interval flag, you get this bug message:

 # nft add element filter myset { 192.168.1.100/24 }
 BUG: invalid data expression type prefix
 nft: netlink.c:323: netlink_gen_data: Assertion `0' failed.
 Aborted

After this patch, we provide a clue to the user:

 # nft add element filter myset { 192.168.1.100/24 }
 <cmdline>:1:23-38: Error: Set member cannot be prefix, missing interval flag on declaration
 add element filter myset { 192.168.1.100/24 }
                            ^^^^^^^^^^^^^^^^

 # nft add element filter myset { 192.168.1.100-192.168.1.200 }
 <cmdline>:1:23-49: Error: Set member cannot be range, missing interval flag on declaration
 add element filter myset { 192.168.1.100-192.168.1.200 }
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^^

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/evaluate.c | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index 346e34f..be4dac7 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -957,6 +957,21 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
 	if (expr_evaluate(ctx, &elem->key) < 0)
 		return -1;
 
+	if (ctx->set && !(ctx->set->flags & SET_F_INTERVAL)) {
+		switch (elem->key->ops->type) {
+		case EXPR_PREFIX:
+			return expr_error(ctx->msgs, elem,
+					  "Set member cannot be prefix, "
+					  "missing interval flag on declaration");
+		case EXPR_RANGE:
+			return expr_error(ctx->msgs, elem,
+					  "Set member cannot be range, "
+					  "missing interval flag on declaration");
+		default:
+			break;
+		}
+	}
+
 	elem->dtype = elem->key->dtype;
 	elem->len   = elem->key->len;
 	elem->flags = elem->key->flags;
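
Review bot: The switch on elem->key->ops->type only catches a key that is itself EXPR_PREFIX or EXPR_RANGE, so a prefix or range wrapped inside any other expression type falls through to default and is not rejected here. Please confirm whether such a key can reach this point for a set without SET_F_INTERVAL, and if it can, check the nested expressions as well so the netlink_gen_data assertion from the commit message cannot still fire. The check is also skipped whenever ctx->set is NULL, so a short comment saying which callers leave it unset would help. The two case bodies differ by a single word and could share one expr_error call. A regression test covering the two commands shown in the commit message would keep the new errors from regressing.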
-- 
2.1.4
