From: Arturo Borrero Gonzalez <arturo@debian.org>
To: netfilter-devel@vger.kernel.org
Subject: [nft PATCH v2] evaluate: avoid reference to multiple src data in statements which set values
Date: Fri, 26 May 2017 13:00:21 +0200
Message-ID: <149579635553.24003.5991119396424133127.stgit@nfdev2.cica.es>

Prevent this assert:

% nft [..] tcp dport set { 0 , 1 }
BUG: unknown expression type set reference
nft: netlink_linearize.c:696: netlink_gen_expr: Assertion `0' failed.
Aborted

We can't use a set here because we will not know which value to use.

With this patch, a proper error message is reported to users:

% nft add rule t c tcp dport set {1, 2, 3, 4, 5}
<cmdline>:1:28-42: Error: you cannot use a set here, unknown value to use
add rule t c tcp dport set {1, 2, 3, 4, 5}
             ~~~~~~~~~~~~~~^^^^^^^^^^^^^^^

% nft add rule t c tcp dport set @s
<cmdline>:1:28-29: Error: you cannot reference a set here, unknown value to use
add rule t c tcp dport set @s
             ~~~~~~~~~~~~~~^^

This error is reported to all statements which set values.

Signed-off-by: Arturo Borrero Gonzalez <arturo@debian.org>
---
v2: check all statements which set values as well

 src/evaluate.c |   15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/src/evaluate.c b/src/evaluate.c
index 27cee98..095d3fa 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1759,6 +1759,21 @@ static int stmt_evaluate_arg(struct eval_ctx *ctx, struct stmt *stmt,
 					 "datatype mismatch: expected %s, "
 					 "expression has type %s",
 					 dtype->desc, (*expr)->dtype->desc);
+
+	/* we are setting a value, we can't use a set */
+	switch ((*expr)->ops->type) {
+	case EXPR_SET:
+		return stmt_binary_error(ctx, (*expr), stmt,
+					 "you cannot use a set here, unknown "
+					 "value to use");
+	case EXPR_SET_REF:
+		return stmt_binary_error(ctx, (*expr), stmt,
+					 "you cannot reference a set here, "
+					 "unknown value to use");
+	default:
+		break;
+	}
+
 	return 0;
 }
 
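Review bot: The new switch on (*expr)->ops->type is placed after the "datatype mismatch" error shown in the context lines at the top of this hunk, so a set or set reference whose datatype differs from the expected one would presumably still be reported as a datatype mismatch rather than with the new, more specific message; consider moving the EXPR_SET / EXPR_SET_REF check ahead of the datatype comparison so the user always sees why a set is not accepted. The default: break branch also means the check only covers these two expression types, so it is worth confirming that no other multi-value expression type can still reach the assertion in netlink_gen_expr quoted in the commit message. Two smaller points: the parentheses in "stmt_binary_error(ctx, (*expr), stmt," are unnecessary in an argument position, and the diffstat touches only src/evaluate.c, so the two failing commands from the commit message ("tcp dport set {1, 2, 3, 4, 5}" and "tcp dport set @s") are not captured as regression tests; adding them would keep the assertion from silently coming back.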

