evaluate: display error if set statement is missing

 # cat /tmp/x
 table x {
        set y {
                type ipv4_addr
                elements = {
                        1.1.1.1 counter packets 1 bytes 67,
                }
        }
 }
 # nft -f /tmp/x
 /tmp/x:5:12-18: Error: missing counter statement in set definition
                        1.1.1.1 counter packets 1 bytes 67,
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^

Instead, this should be:

 table x {
        set y {
                type ipv4_addr
		counter               <-------
                elements = {
                        1.1.1.1 counter packets 1 bytes 67,
                }
        }
 }

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/evaluate.c b/src/evaluate.c
index 6325f52e49ffd8bba9e4573ee4db1c6963ee24c9..8b03e1f3cfb8826950df907729ad398175af9500 100644 (file)
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1310,13 +1310,21 @@ static int expr_evaluate_set_elem(struct eval_ctx *ctx, struct expr **expr)
        struct set *set = ctx->set;
        struct expr *elem = *expr;
 
-       if (elem->stmt && set->stmt && set->stmt->ops != elem->stmt->ops)
-               return stmt_binary_error(ctx, set->stmt, elem,
-                                        "statement mismatch, element expects %s, "
-                                        "%s has type %s",
-                                        elem->stmt->ops->name,
-                                        set_is_map(set->flags) ? "map" : "set",
-                                        set->stmt->ops->name);
+       if (elem->stmt) {
+               if (set->stmt && set->stmt->ops != elem->stmt->ops) {
+                       return stmt_error(ctx, elem->stmt,
+                                         "statement mismatch, element expects %s, "
+                                         "but %s has type %s",
+                                         elem->stmt->ops->name,
+                                         set_is_map(set->flags) ? "map" : "set",
+                                         set->stmt->ops->name);
+               } else if (!set->stmt && !(set->flags & NFT_SET_EVAL)) {
+                       return stmt_error(ctx, elem->stmt,
+                                         "missing %s statement in %s definition",
+                                         elem->stmt->ops->name,
+                                         set_is_map(set->flags) ? "map" : "set");
+               }
+       }
 
        if (expr_evaluate(ctx, &elem->key) < 0)
                return -1;