diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-21 00:37:07 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-04-24 22:48:42 +0200 |
| commit | 5ad475fce5a138d3a8b58bde4a41b0537d15b952 (patch) | |
| tree | 382aadf309e894b6cf8c3862e032cb11ab5f5637 /src/evaluate.c | |
| parent | a66b5ad9540dd64c7c67006201b8b3ccf8e4316b (diff) | |
evaluate: bail out if new flowtable does not specify hook and priority
If user forgets to specify the hook and priority and the flowtable does
not exist, then bail out:
# cat flowtable-incomplete.nft
table t {
flowtable f {
devices = { lo }
}
}
# nft -f /tmp/k
flowtable-incomplete.nft:2:12-12: Error: missing hook and priority in flowtable declaration
flowtable f {
^
Update one existing tests/shell to specify a hook and priority.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'src/evaluate.c')
| -rw-r--r-- | src/evaluate.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/src/evaluate.c b/src/evaluate.c index 35910b03..a1c3895c 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -4732,8 +4732,12 @@ static int flowtable_evaluate(struct eval_ctx *ctx, struct flowtable *ft) if (table == NULL) return table_not_found(ctx); - if (!ft_cache_find(table, ft->handle.flowtable.name)) + if (!ft_cache_find(table, ft->handle.flowtable.name)) { + if (!ft->hook.name) + return chain_error(ctx, ft, "missing hook and priority in flowtable declaration"); + ft_cache_add(flowtable_get(ft), table); + } if (ft->hook.name) { ft->hook.num = str2hooknum(NFPROTO_NETDEV, ft->hook.name); |