diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-27 19:26:49 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-03-27 22:26:02 +0100 |
commit | d6ac64f92dfca5da4d07989114a4aa46e1322453 (patch) | |
tree | fe82c3dcf5013ed806126e23ad24ec43250ef3b2 | |
parent | b119428c934c7d356023828fed6a83b12bbcaa1f (diff) |
evaluate: display error if set statement is missing
# cat /tmp/x
table x {
set y {
type ipv4_addr
elements = {
1.1.1.1 counter packets 1 bytes 67,
}
}
}
# nft -f /tmp/x
/tmp/x:5:12-18: Error: missing counter statement in set definition
1.1.1.1 counter packets 1 bytes 67,
^^^^^^^^^^^^^^^^^^^^^^^^^^
Instead, this should be:
table x {
set y {
type ipv4_addr
counter <-------
elements = {
1.1.1.1 counter packets 1 bytes 67,
}
}
}
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 6325f52e..8b03e1f3 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1310,13 +1310,21 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr) struct set *set = ctx->set; struct expr *elem = *expr; - if (elem->stmt && set->stmt && set->stmt->ops != elem->stmt->ops) - return stmt_binary_error(ctx, set->stmt, elem, - "statement mismatch, element expects %s, " - "%s has type %s", - elem->stmt->ops->name, - set_is_map(set->flags) ? "map" : "set", - set->stmt->ops->name); + if (elem->stmt) { + if (set->stmt && set->stmt->ops != elem->stmt->ops) { + return stmt_error(ctx, elem->stmt, + "statement mismatch, element expects %s, " + "but %s has type %s", + elem->stmt->ops->name, + set_is_map(set->flags) ? "map" : "set", + set->stmt->ops->name); + } else if (!set->stmt && !(set->flags & NFT_SET_EVAL)) { + return stmt_error(ctx, elem->stmt, + "missing %s statement in %s definition", + elem->stmt->ops->name, + set_is_map(set->flags) ? "map" : "set"); + } + } if (expr_evaluate(ctx, &elem->key) < 0) return -1; |