authorPablo Neira Ayuso <pablo@netfilter.org>2016-04-18 19:10:28 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-04-27 12:30:34 +0200
commit3f84f4ad0568f22106f283a3077a85957e83fe57 (patch)
treeca34c7f5b70e73ee189d4a3acc333ca408aeb2a6
parent4935a0d561b57f46cdd0649b3bb1063f7e897f00 (diff)
evaluate: bail out on prefix or range to non-interval set
If you declare a set with no interval flag, you get this bug message: # nft add element filter myset { 192.168.1.100/24 } BUG: invalid data expression type prefix nft: netlink.c:323: netlink_gen_data: Assertion `0' failed. Aborted After this patch, we provide a clue to the user: # nft add element filter myset { 192.168.1.100/24 } <cmdline>:1:23-38: Error: Set member cannot be prefix, missing interval flag on declaration add element filter myset { 192.168.1.100/24 } ^^^^^^^^^^^^^^^^ # nft add element filter myset { 192.168.1.100-192.168.1.200 } <cmdline>:1:23-49: Error: Set member cannot be range, missing interval flag on declaration add element filter myset { 192.168.1.100-192.168.1.200 } ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/evaluate.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 63c0091d..7444d09c 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -929,6 +929,22 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
if (expr_evaluate(ctx, &elem->key) < 0)
return -1;
+ if (ctx->set &&
+ !(ctx->set->flags & (SET_F_ANONYMOUS | SET_F_INTERVAL))) {
+ switch (elem->key->ops->type) {
+ case EXPR_PREFIX:
+ return expr_error(ctx->msgs, elem,
+ "Set member cannot be prefix, "
+ "missing interval flag on declaration");
+ case EXPR_RANGE:
+ return expr_error(ctx->msgs, elem,
+ "Set member cannot be range, "
+ "missing interval flag on declaration");
+ default:
+ break;
+ }
+ }
+
elem->dtype = elem->key->dtype;
elem->len = elem->key->len;
elem->flags = elem->key->flags;
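Review bot: The new switch inspects only `elem->key->ops->type`, so a prefix or range wrapped inside another key expression (a concatenation, for example) falls through `default:` unrejected. Whether such a key can reach `netlink_gen_data` is not visible in this hunk, but if it can, user input would still end at the `Assertion '0' failed` abort quoted in the commit message instead of a diagnostic. I would at least state the limit above the switch, e.g. `/* Only the top-level key type is checked; nested prefix/range keys are not rejected here. */`. As a style point, the two `expr_error()` calls differ by a single word and could share one format string with a `%s` for "prefix"/"range", assuming `expr_error()` takes printf-style arguments. The body of `expr_evaluate_set_elem` starts before and continues past this hunk.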