diff mbox series

[nft] evaluate: provide a hint on missing dynamic flag

Message ID 20210925204625.22803-1-pablo@netfilter.org
State Not Applicable
Delegated to: Pablo Neira
Headers show
Series [nft] evaluate: provide a hint on missing dynamic flag | expand

Commit Message

Pablo Neira Ayuso Sept. 25, 2021, 8:46 p.m. UTC 
Provide a hint to users if they forget to set on the dynamic flag, if
such set is updated from the packet path.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 src/evaluate.c | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/src/evaluate.c b/src/evaluate.c
index 8ebc75617b1c..a0c67fb0e213 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3598,6 +3598,11 @@  static int stmt_evaluate_set(struct eval_ctx *ctx, struct stmt *stmt)
 		return expr_error(ctx->msgs, stmt->set.set,
 				  "Expression does not refer to a set");
 
+	if (!(stmt->set.set->set->flags & NFT_SET_EVAL))
+		return expr_error(ctx->msgs, stmt->set.set,
+				  "%s does not allow for dynamic updates, add 'flags dynamic' to your set declaration",
+				  stmt->set.set->set->flags & NFT_SET_MAP ? "map" : "set");
+
 	if (stmt_evaluate_arg(ctx, stmt,
 			      stmt->set.set->set->key->dtype,
 			      stmt->set.set->set->key->len,