The rule:
# nft add rule x y iifname . oifname p . q
is equivalent to:
# nft add rule x y iifname p oifname q
Bail out with:
Error: Use concatenations with sets and maps, not singleton values
add rule x y iifname . oifname p . q
^^^^^^^^^^^^^^^^^ ~~~~~
instead of:
BUG: invalid expression type concat
nft: evaluate.c:1916: expr_evaluate_relational: Assertion `0' failed.
Aborted
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/evaluate.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/evaluate.c b/src/evaluate.c
index 9290c6ff39ef..1f56dae5ec13 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1912,6 +1912,10 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
byteorder_conversion(ctx, &rel->left, BYTEORDER_BIG_ENDIAN) < 0)
return -1;
break;
+ case EXPR_CONCAT:
+ return expr_binary_error(ctx->msgs, left, right,
+ "Use concatenations with sets and maps, not singleton values");
+ break;
default:
BUG("invalid expression type %s\n", expr_name(right));
}
--
2.20.1
