From ba2d0b45e9982ed8764dbeffaf6f4110f308fef8 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 22 Jul 2020 17:24:34 +0200
Subject: evaluate: bail out with concatenations and singleton values

The rule:

 # nft add rule x y iifname . oifname p . q

is equivalent to:

 # nft add rule x y iifname p oifname q

Bail out with:

 Error: Use concatenations with sets and maps, not singleton values
 add rule x y iifname . oifname p . q
              ^^^^^^^^^^^^^^^^^ ~~~~~

instead of:

 BUG: invalid expression type concat
 nft: evaluate.c:1916: expr_evaluate_relational: Assertion `0' failed.
 Aborted

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index 9290c6ff..1f56dae5 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1912,6 +1912,10 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr)
 			    byteorder_conversion(ctx, &rel->left, BYTEORDER_BIG_ENDIAN) < 0)
 				return -1;
 			break;
+		case EXPR_CONCAT:
+			return expr_binary_error(ctx->msgs, left, right,
+						 "Use concatenations with sets and maps, not singleton values");
+			break;
 		default:
 			BUG("invalid expression type %s\n", expr_name(right));
 		}
-- 
cgit v1.2.3