@@ -957,6 +957,21 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
if (expr_evaluate(ctx, &elem->key) < 0)
return -1;
+ if (ctx->set && !(ctx->set->flags & SET_F_INTERVAL)) {
+ switch (elem->key->ops->type) {
+ case EXPR_PREFIX:
+ return expr_error(ctx->msgs, elem,
+ "Set member cannot be prefix, "
+ "missing interval flag on declaration");
+ case EXPR_RANGE:
+ return expr_error(ctx->msgs, elem,
+ "Set member cannot be range, "
+ "missing interval flag on declaration");
+ default:
+ break;
+ }
+ }
+
elem->dtype = elem->key->dtype;
elem->len = elem->key->len;
elem->flags = elem->key->flags;
If you declare a set with no interval flag, you get this bug message: # nft add element filter myset { 192.168.1.100/24 } BUG: invalid data expression type prefix nft: netlink.c:323: netlink_gen_data: Assertion `0' failed. Aborted After this patch, we provide a clue to the user: # nft add element filter myset { 192.168.1.100/24 } <cmdline>:1:23-38: Error: Set member cannot be prefix, missing interval flag on declaration add element filter myset { 192.168.1.100/24 } ^^^^^^^^^^^^^^^^ # nft add element filter myset { 192.168.1.100-192.168.1.200 } <cmdline>:1:23-49: Error: Set member cannot be range, missing interval flag on declaration add element filter myset { 192.168.1.100-192.168.1.200 } ^^^^^^^^^^^^^^^^^^^^^^^^^^^ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/evaluate.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)