evaluate: display error if set statement is missing

 # cat /tmp/x
 table x {
        set y {
                type ipv4_addr
                elements = {
                        1.1.1.1 counter packets 1 bytes 67,
                }
        }
 }
 # nft -f /tmp/x
 /tmp/x:5:12-18: Error: missing counter statement in set definition
                        1.1.1.1 counter packets 1 bytes 67,
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^

Instead, this should be:

 table x {
        set y {
                type ipv4_addr
		counter               <-------
                elements = {
                        1.1.1.1 counter packets 1 bytes 67,
                }
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

1 files changed, 15 insertions, 7 deletions

diff --git a/src/evaluate.c b/src/evaluate.c
index 6325f52e..8b03e1f3 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1310,13 +1310,21 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
 	struct set *set = ctx->set;
 	struct expr *elem = *expr;
 
-	if (elem->stmt && set->stmt && set->stmt->ops != elem->stmt->ops)
-		return stmt_binary_error(ctx, set->stmt, elem,
-					 "statement mismatch, element expects %s, "
-					 "%s has type %s",
-					 elem->stmt->ops->name,
-					 set_is_map(set->flags) ? "map" : "set",
-					 set->stmt->ops->name);
+	if (elem->stmt) {
+		if (set->stmt && set->stmt->ops != elem->stmt->ops) {
+			return stmt_error(ctx, elem->stmt,
+					  "statement mismatch, element expects %s, "
+					  "but %s has type %s",
+					  elem->stmt->ops->name,
+					  set_is_map(set->flags) ? "map" : "set",
+					  set->stmt->ops->name);
+		} else if (!set->stmt && !(set->flags & NFT_SET_EVAL)) {
+			return stmt_error(ctx, elem->stmt,
+					  "missing %s statement in %s definition",
+					  elem->stmt->ops->name,
+					  set_is_map(set->flags) ? "map" : "set");
+		}
+	}
 
 	if (expr_evaluate(ctx, &elem->key) < 0)
 		return -1;