Before:
nft: evaluate.c:1849: __mapping_expr_expand: Assertion `i->etype == EXPR_MAPPING' failed.
after:
Error: expected mapping, not set element
snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24, 10.141.12.1 }
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/evaluate.c | 17 +++++++++++++----
tests/shell/testcases/bogons/assert_failures | 12 ++++++++++++
.../nat_prefix_map_with_set_element_assert | 7 +++++++
3 files changed, 32 insertions(+), 4 deletions(-)
create mode 100755 tests/shell/testcases/bogons/assert_failures
create mode 100644 tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert
diff --git a/src/evaluate.c b/src/evaluate.c
index 00bb8988bd4c..efab28952e32 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1869,12 +1869,21 @@ static void __mapping_expr_expand(struct expr *i)
}
}
-static void mapping_expr_expand(struct expr *init)
+static int mapping_expr_expand(struct eval_ctx *ctx)
{
struct expr *i;
- list_for_each_entry(i, &init->expressions, list)
+ if (!set_is_anonymous(ctx->set->flags))
+ return 0;
+
+ list_for_each_entry(i, &ctx->set->init->expressions, list) {
+ if (i->etype != EXPR_MAPPING)
+ return expr_error(ctx->msgs, i,
+ "expected mapping, not %s", expr_name(i));
__mapping_expr_expand(i);
+ }
+
+ return 0;
}
static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
@@ -1955,8 +1964,8 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
if (ctx->set->data->flags & EXPR_F_INTERVAL) {
ctx->set->data->len *= 2;
- if (set_is_anonymous(ctx->set->flags))
- mapping_expr_expand(ctx->set->init);
+ if (mapping_expr_expand(ctx))
+ return -1;
}
ctx->set->key->len = ctx->ectx.len;
diff --git a/tests/shell/testcases/bogons/assert_failures b/tests/shell/testcases/bogons/assert_failures
new file mode 100755
index 000000000000..79099427c98a
--- /dev/null
+++ b/tests/shell/testcases/bogons/assert_failures
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+dir=$(dirname $0)/nft-f/
+
+for f in $dir/*; do
+ $NFT --check -f "$f"
+
+ if [ $? -ne 1 ]; then
+ echo "Bogus input file $f did not cause expected error code" 1>&2
+ exit 111
+ fi
+done
diff --git a/tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert b/tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert
new file mode 100644
index 000000000000..18c7edd14c5d
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/nat_prefix_map_with_set_element_assert
@@ -0,0 +1,7 @@
+table ip x {
+ chain y {
+ type nat hook postrouting priority srcnat; policy accept;
+ snat ip prefix to ip saddr map { 10.141.11.0/24 : 192.168.2.0/24, 10.141.12.1 }
+ }
+}
+
--
2.39.3
