... this will cause an assertion in netlink linearization, catch this at eval stage instead. before: BUG: unknown expression type range nft: netlink_linearize.c:908: netlink_gen_expr: Assertion `0' failed. after: /unknown_expr_type_range_assert:3:31-40: Error: ct expression cannot be a range ct mark set 0x001-3434 ^^^^^^^^^^ Signed-off-by: Florian Westphal <fw@xxxxxxxxx> --- src/evaluate.c | 12 +++++++++++- .../bogons/nft-f/unknown_expr_type_range_assert | 1 + 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/src/evaluate.c b/src/evaluate.c index b6e602308163..6c6841679f1e 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -3331,7 +3331,17 @@ static int stmt_evaluate_ct(struct eval_ctx *ctx, struct stmt *stmt) return stmt_error(ctx, stmt, "ct secmark must not be set to constant value"); - return 0; + switch (stmt->meta.expr->etype) { + case EXPR_RANGE: + ret = expr_error(ctx->msgs, stmt->ct.expr, + "ct expression cannot be a range"); + break; + default: + break; + + } + + return ret; } static int reject_payload_gen_dependency_tcp(struct eval_ctx *ctx, diff --git a/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert b/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert index 234dd623167d..1a42d751e880 100644 --- a/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert +++ b/tests/shell/testcases/bogons/nft-f/unknown_expr_type_range_assert @@ -1,5 +1,6 @@ table ip x { chain k { meta mark set 0x001-3434 + ct mark set 0x001-3434 } } -- 2.41.0
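Review bot: In stmt_evaluate_ct the new switch inspects `stmt->meta.expr->etype`, yet the error is reported against `stmt->ct.expr`; this looks carried over from the meta statement path and should read `switch (stmt->ct.expr->etype) {`. If `meta` and `ct` are union members whose `expr` fields happen to share an offset, the check works only by accident; otherwise it reads the wrong member while evaluating a ruleset file that may be malformed. `ret` is declared outside the hunk (the function starts above it), so confirm it is 0 on this path, since it now replaces the former `return 0;`. The empty line before the switch's closing brace can be dropped.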