From 97493717e7383ee99527053b60d610fa9f94a886 Mon Sep 17 00:00:00 2001 From: Pablo Neira Ayuso Date: Sun, 18 Oct 2015 20:18:05 +0200 Subject: evaluate: check if table and chain exists when adding rules Assuming a table 'test' that contains a chain 'test': # nft add rule test1 test2 counter :1:1-28: Error: Could not process rule: Table 'test1' does not exist add rule test1 test2 counter ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ # nft add rule test test2 counter :1:1-27: Error: Could not process rule: Chain 'test2' does not exist add rule test test2 counter ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Signed-off-by: Pablo Neira Ayuso --- src/evaluate.c | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'src/evaluate.c') diff --git a/src/evaluate.c b/src/evaluate.c index 4f9299e1..ccbe8b37 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -2050,6 +2050,8 @@ static int table_evaluate(struct eval_ctx *ctx, struct table *table) static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) { + struct table *table; + switch (cmd->obj) { case CMD_OBJ_SETELEM: return setelem_evaluate(ctx, &cmd->expr); @@ -2058,6 +2060,15 @@ static int cmd_evaluate_add(struct eval_ctx *ctx, struct cmd *cmd) return set_evaluate(ctx, cmd->set); case CMD_OBJ_RULE: handle_merge(&cmd->rule->handle, &cmd->handle); + table = table_lookup_global(ctx); + if (table == NULL) + return cmd_error(ctx, "Could not process rule: Table '%s' does not exist", + ctx->cmd->handle.table); + + if (chain_lookup(table, &ctx->cmd->handle) == NULL) + return cmd_error(ctx, "Could not process rule: Chain '%s' does not exist", + ctx->cmd->handle.chain); + return rule_evaluate(ctx, cmd->rule); case CMD_OBJ_CHAIN: return chain_evaluate(ctx, cmd->chain); -- cgit v1.2.3