Before:
BUG: Value export of 512 bytes would overflownft: src/netlink.c:474: netlink_gen_prefix: Assertion `0' failed.
After:
66: Error: Object mapping data should be a value, not prefix
synproxy name ip saddr map { 192.168.1.0/24 : "v*" }
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/evaluate.c | 5 +++++
tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert | 6 ++++++
2 files changed, 11 insertions(+)
create mode 100644 tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert
diff --git a/src/evaluate.c b/src/evaluate.c
index 1da6a5711cbf..f7671cc6954c 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2179,6 +2179,11 @@ static int expr_evaluate_mapping(struct eval_ctx *ctx, struct expr **expr)
return expr_error(ctx->msgs, mapping->right,
"Value must be a singleton");
+ if (set_is_objmap(set->flags) && mapping->right->etype != EXPR_VALUE)
+ return expr_error(ctx->msgs, mapping->right,
+ "Object mapping data should be a value, not %s",
+ expr_name(mapping->right));
+
mapping->flags |= EXPR_F_CONSTANT;
return 0;
}
diff --git a/tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert b/tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert
new file mode 100644
index 000000000000..d880a377cacd
--- /dev/null
+++ b/tests/shell/testcases/bogons/nft-f/objmap_to_prefix_assert
@@ -0,0 +1,6 @@
+table t {
+ chain y {
+ type filter hook input priority filter; policy accept;
+ synproxy name ip saddr map { 192.168.1.0/24 : "x*" }
+ }
+}
--
2.41.0
