author | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-10-18 20:18:05 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2015-10-18 20:56:29 +0200 |
commit | 97493717e7383ee99527053b60d610fa9f94a886 (patch) | |
tree | b5bd0366be49075390d1e23265ccf0e940bb918d | |
parent | 34689c201f03102861ff2e23ccd097a02663c5de (diff) |
evaluate: check if table and chain exists when adding rules
Assuming a table 'test' that contains a chain 'test':
# nft add rule test1 test2 counter
<cmdline>:1:1-28: Error: Could not process rule: Table 'test1' does not exist
add rule test1 test2 counter
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
# nft add rule test test2 counter
<cmdline>:1:1-27: Error: Could not process rule: Chain 'test2' does not exist
add rule test test2 counter
^^^^^^^^^^^^^^^^^^^^^^^^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | src/evaluate.c | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 4f9299e1..ccbe8b37 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -2050,6 +2050,8 @@ static int table_evaluate(struct eval_ctx *ctx, struct table *table)
 
 static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 {
+ struct table *table;
+
 switch (cmd->obj) {
 case CMD_OBJ_SETELEM:
 return setelem_evaluate(ctx, &cmd->expr);
@@ -2058,6 +2060,15 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd)
 return set_evaluate(ctx, cmd->set);
 case CMD_OBJ_RULE:
 handle_merge(&cmd->rule->handle, &cmd->handle);
+ table = table_lookup_global(ctx);
+ if (table == NULL)
+ return cmd_error(ctx, "Could not process rule: Table '%s' does not exist",
+ ctx->cmd->handle.table);
+
+ if (chain_lookup(table, &ctx->cmd->handle) == NULL)
+ return cmd_error(ctx, "Could not process rule: Chain '%s' does not exist",
+ ctx->cmd->handle.chain);
+
 return rule_evaluate(ctx, cmd->rule);
 case CMD_OBJ_CHAIN:
 return chain_evaluate(ctx, cmd->chain);
|
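Review bot: In the `CMD_OBJ_RULE` case of the second hunk, the new existence check is only as good as what `table_lookup_global(ctx)` and `chain_lookup()` can see, and the hunk does not show whether that view includes a table or chain declared earlier in the same batch. If it does not, a ruleset file that creates the table and chain and then adds rules to them would now be rejected in userspace before it reaches the kernel, so a valid firewall policy fails to load; this needs confirming against the cache code, which is outside this diff. I would state the contract above the lookup, for example `/* Early diagnostic only: the kernel remains authoritative for table/chain existence. */`. The check also reads names through `ctx->cmd->handle` while the surrounding lines use the `cmd` parameter; if `ctx->cmd` is always `cmd` at this point, `chain_lookup(table, &cmd->handle)` and `cmd->handle.table` would make that explicit. The switch in `cmd_evaluate_add` continues past the end of the hunk.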