From 3cac7e878d085925c26b86c030089b7afd81d15e Mon Sep 17 00:00:00 2001
From: Martin Stein <martin.stein@genode-labs.com>
Date: Sat, 26 May 2018 01:37:02 +0200
Subject: [PATCH] nic_router: invalid rules render domain invalid

---
 repos/os/src/server/nic_router/domain.cc | 25 +++++++++++++++++++-----
 1 file changed, 20 insertions(+), 5 deletions(-)

diff --git a/repos/os/src/server/nic_router/domain.cc b/repos/os/src/server/nic_router/domain.cc
index e2097574a..c54db46a1 100644
--- a/repos/os/src/server/nic_router/domain.cc
+++ b/repos/os/src/server/nic_router/domain.cc
@@ -145,7 +145,10 @@ void Domain::_read_forward_rules(Cstring  const    &protocol,
 			if (_config.verbose()) {
 				log("[", *this, "] forward rule: ", protocol, " ", rule); }
 		}
-		catch (Rule::Invalid) { log("[", *this, "] invalid forward rule"); }
+		catch (Rule::Invalid) {
+			log("[", *this, "] invalid domain (invalid forward rule)");
+			throw Invalid();
+		}
 	});
 }
 
@@ -161,7 +164,10 @@ void Domain::_read_transport_rules(Cstring  const      &protocol,
 			rules.insert(*new (_alloc) Transport_rule(domains, node, _alloc,
 			                                          protocol, _config));
 		}
-		catch (Rule::Invalid) { log("[", *this, "] invalid transport rule"); }
+		catch (Rule::Invalid) {
+			log("[", *this, "] invalid domain (invalid transport rule)");
+			throw Invalid();
+		}
 	});
 }
 
@@ -286,17 +292,26 @@ void Domain::init(Domain_tree &domains)
 				                      _udp_port_alloc, _icmp_port_alloc,
 				                      node));
 		}
-		catch (Rule::Invalid) { log("[", *this, "] invalid NAT rule"); }
+		catch (Rule::Invalid) {
+			log("[", *this, "] invalid domain (invalid NAT rule)");
+			throw Invalid();
+		}
 	});
 	/* read ICMP rules */
 	_node.for_each_sub_node("icmp", [&] (Xml_node const node) {
 		try { _icmp_rules.insert(*new (_alloc) Ip_rule(domains, node)); }
-		catch (Rule::Invalid) { warning("invalid ICMP rule"); }
+		catch (Rule::Invalid) {
+			log("[", *this, "] invalid domain (invalid ICMP rule)");
+			throw Invalid();
+		}
 	});
 	/* read IP rules */
 	_node.for_each_sub_node("ip", [&] (Xml_node const node) {
 		try { _ip_rules.insert(*new (_alloc) Ip_rule(domains, node)); }
-		catch (Rule::Invalid) { log("[", *this, "] invalid IP rule"); }
+		catch (Rule::Invalid) {
+			log("[", *this, "] invalid domain (invalid IP rule)");
+			throw Invalid();
+		}
 	});
 }