On Fri, May 26, 2017 at 01:00:21PM +0200, Arturo Borrero Gonzalez wrote:
> Prevent this assert:
>
> % nft [..] tcp dport set { 0 , 1 }
> BUG: unknown expression type set reference
> nft: netlink_linearize.c:696: netlink_gen_expr: Assertion `0' failed.
> Aborted
>
> We can't use a set here because we will not known which value to use.
>
> With this patch, a proper error message is reported to users:
>
> % nft add rule t c tcp dport set {1, 2, 3, 4, 5}
> <cmdline>:1:28-42: Error: you cannot use a set here, unknown value to use
> add rule t c tcp dport set {1, 2, 3, 4, 5}
> ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^
>
> % nft add rule t c tcp dport set @s
> <cmdline>:1:28-29: Error: you cannot reference a set here, unknown value to use
> add rule t c tcp dport set @s
> ~~~~~~~~~~~~~~^^
>
> This error is reported to all statements which set values.
Applied, thanks Arturo.
Probably you can add a test for this? It would be good to know what
error nft reports in case of BUG: message, so we can distinguish
between command error and assertion/bug.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
