| Message ID | 20200722153204.5175-1-pablo@netfilter.org |
|---|---|
| State | Accepted |
| Delegated to: | Pablo Neira |
| Headers | show |
| Series | [nft] evaluate: bail out with concatenations and singleton values | expand |
diff --git a/src/evaluate.c b/src/evaluate.c index 9290c6ff39ef..1f56dae5ec13 100644 --- a/src/evaluate.c +++ b/src/evaluate.c @@ -1912,6 +1912,10 @@ static int expr_evaluate_relational(struct eval_ctx *ctx, struct expr **expr) byteorder_conversion(ctx, &rel->left, BYTEORDER_BIG_ENDIAN) < 0) return -1; break; + case EXPR_CONCAT: + return expr_binary_error(ctx->msgs, left, right, + "Use concatenations with sets and maps, not singleton values"); + break; default: BUG("invalid expression type %s\n", expr_name(right)); }
The rule: # nft add rule x y iifname . oifname p . q is equivalent to: # nft add rule x y iifname p oifname q Bail out with: Error: Use concatenations with sets and maps, not singleton values add rule x y iifname . oifname p . q ^^^^^^^^^^^^^^^^^ ~~~~~ instead of: BUG: invalid expression type concat nft: evaluate.c:1916: expr_evaluate_relational: Assertion `0' failed. Aborted Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> --- src/evaluate.c | 4 ++++ 1 file changed, 4 insertions(+)