evaluate: verify named map is actually a map

# nft add set filter test { type ipv4_addr; }
# nft filter input ip daddr vmap @test

Before:

<cmdline>:0:0-32: Error: Could not process rule: Invalid argument
filter input ip daddr vmap @test
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

After:

<cmdline>:1:28-32: Error: Expression is not a map
filter input ip daddr vmap @test
                           ^^^^^

Signed-off-by: Patrick McHardy <kaber@trash.net>

diff --git a/src/evaluate.c b/src/evaluate.c
index d24d4ccfee8ebaeea57f1d3c566b26164d54c5c5..651465aa4d04adfd82c692c5f4e67de6185cb723 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -738,7 +738,8 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
        case EXPR_SYMBOL:
                if (expr_evaluate(ctx, &map->mappings) < 0)
                        return -1;
-               if (map->mappings->ops->type != EXPR_SET_REF)
+               if (map->mappings->ops->type != EXPR_SET_REF ||
+                   !(map->mappings->set->flags & NFT_SET_MAP))
                        return expr_error(ctx->msgs, map->mappings,
                                          "Expression is not a map");
                break;