[PATCH nft] evaluate: Better error reporting for bad set references

Pablo Neira Ayuso Mon, 19 Jun 2017 05:05:21 -0700

In case you refer to an unexisting set, bail out with:

 # nft -f rc.nftables-test
 rc.nftables-test:64:34-49: Error: Set 'reject_to_rule2' does not exist
                ip protocol vmap @reject_to_rule2
                                 ^^^^^^^^^^^^^^^^


Signed-off-by: Pablo Neira Ayuso <[email protected]>
---
 src/evaluate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/evaluate.c b/src/evaluate.c
index ec898033c984..ca8b63b74fdc 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -192,8 +192,9 @@ static int expr_evaluate_symbol(struct eval_ctx *ctx, 
struct expr **expr)
 
                set = set_lookup(table, (*expr)->identifier);
                if (set == NULL)
-                       return cmd_error(ctx, "Could not process rule: Set '%s' 
does not exist",
-                                        (*expr)->identifier);
+                       return expr_error(ctx->msgs, *expr,
+                                         "Set '%s' does not exist",
+                                         (*expr)->identifier);
                new = set_ref_expr_alloc(&(*expr)->location, set);
                break;
        }
-- 
2.1.4

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nft] evaluate: Better error reporting for bad set references

Reply via email to