# cat x.nft define lala = { eth0, eth1 } table ip x { chain y { iifname vmap { lo : accept, $lala : drop } } } # nft -f x.nft x.nft:5:16-44: Error: Could not process rule: Invalid argument iifname vmap { lo : accept, $lala : drop } ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ instead: x.nft:1:15-28: Error: Element key in map cannot be a set define lala = { eth0, eth1 } ^^^^^^^^^^^^^^ Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/evaluate.c | 27 +++++++++++++++++----------
 1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/src/evaluate.c b/src/evaluate.c
index 8b5f51cee01c..110a40413c1c 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1395,16 +1395,23 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
 if (expr_evaluate(ctx, &elem->key) < 0)
 return -1;
- if (ctx->set &&
- !(ctx->set->flags & (NFT_SET_ANONYMOUS | NFT_SET_INTERVAL))) {
- switch (elem->key->etype) {
- case EXPR_PREFIX:
- case EXPR_RANGE:
- return expr_error(ctx->msgs, elem,
- "You must add 'flags interval' to your %s declaration if you want to add %s elements",
- set_is_map(ctx->set->flags) ? "map" : "set", expr_name(elem->key));
- default:
- break;
+ if (ctx->set) {
+ if (!(ctx->set->flags & (NFT_SET_ANONYMOUS | NFT_SET_INTERVAL))) {
+ switch (elem->key->etype) {
+ case EXPR_PREFIX:
+ case EXPR_RANGE:
+ return expr_error(ctx->msgs, elem,
+ "You must add 'flags interval' to your %s declaration if you want to add %s elements",
+ set_is_map(ctx->set->flags) ? "map" : "set", expr_name(elem->key));
+ break;
+ default:
+ break;
+ }
+ }
+ if (set_is_map(ctx->set->flags) &&
+ elem->key->etype == EXPR_SET) {
+ return expr_error(ctx->msgs, elem->key,
+ "Element key in map cannot be a set");
 }
 }
-- 2.20.1
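Review bot: The `break;` added directly after `return expr_error(...)` in the `EXPR_PREFIX`/`EXPR_RANGE` case is unreachable and was not in the removed code; drop it so the case ends on the `return` as before. The new map check tests only the top-level `elem->key->etype == EXPR_SET`, and I cannot tell from the hunk whether a set nested inside a compound key is rejected elsewhere or would still fall through to the kernel's bare "Invalid argument". If it is not rejected elsewhere, a comment such as `/* rejects a bare set used as map key; nested keys are validated by their own evaluators */` would state the intended scope. The diffstat lists only src/evaluate.c, so a regression test feeding the x.nft ruleset from the description and expecting the new message would keep this validation from regressing. The body of expr_evaluate_set_elem starts and ends outside the hunk.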