evaluate: bail out with concatenations and singleton values

The rule: # nft add rule x y iifname . oifname p . q is equivalent to: # nft add rule x y iifname p oifname q Bail out with: Error: Use concatenations with sets and maps, not singleton values add rule x y iifname . oifname p . q ^^^^^^^^^^^^^^^^^ ~~~~~ instead of: BUG: invalid expression type concat nft: evaluate.c:1916: expr_evaluate_relational: Assertion `0' failed. Aborted Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2020-07-22 17:24:34 +0200
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2020-07-24 11:11:42 +0200
commit: ba2d0b45e9982ed8764dbeffaf6f4110f308fef8 (patch)
tree: a946a2c28e4a5f5be9e73ff1a3eaf1cb8743c285
parent: 8f345b2fc2427a558754df7f1afde62e8bab817f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/evaluate.c b/src/evaluate.c
index 9290c6ff..1f56dae5 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1912,6 +1912,10 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
 			    byteorder_conversion(ctx, &rel->left, BYTEORDER_BIG_ENDIAN) < 0)
 				return -1;
 			break;
+		case EXPR_CONCAT:
+			return expr_binary_error(ctx->msgs, left, right,
+						 "Use concatenations with sets and maps, not singleton values");
+			break;
 		default:
 			BUG("invalid expression type %s\n", expr_name(right));
 		}
author	Pablo Neira Ayuso <pablo@netfilter.org>	2020-07-22 17:24:34 +0200
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2020-07-24 11:11:42 +0200
commit	ba2d0b45e9982ed8764dbeffaf6f4110f308fef8 (patch)
tree	a946a2c28e4a5f5be9e73ff1a3eaf1cb8743c285
parent	8f345b2fc2427a558754df7f1afde62e8bab817f (diff)