author | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-13 14:39:23 +0100 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2023-11-15 11:01:08 +0100 |
commit | 04a1ddc2012964c0a00350973328f5954887cedb (patch) | |
tree | 6b2fb26f7014b538d345b8e5c6652cabb5498302 /tests/shell/testcases/include/0020include_chain_0 | |
parent | e80e3bb88ebc9485d1b26eadee2579dbee1903ba (diff) |

src: expand create commands

create commands also need to be expanded, otherwise elements are never
evaluated:

    # cat ruleset.nft
    define ip-block-4 = { 1.1.1.1 }

    create set netdev filter ip-block-4-test {
            type ipv4_addr
            flags interval
            auto-merge
            elements = $ip-block-4
    }

    # nft -f ruleset.nft
    BUG: unhandled expression type 0
    nft: src/intervals.c:211: interval_expr_key: Assertion `0' failed.
    Aborted

Same applies to chains in the form of:

    create chain x y {
            counter
    }

which is also accepted by the parser.

Update tests/shell to improve coverage for these use cases.

Fixes: 56c90a2dd2eb ("evaluate: expand sets and maps before evaluation")
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Diffstat (limited to 'tests/shell/testcases/include/0020include_chain_0')
-rwxr-xr-x | tests/shell/testcases/include/0020include_chain_0 | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/tests/shell/testcases/include/0020include_chain_0 b/tests/shell/testcases/include/0020include_chain_0 index 8f78e8c6..49b6f76c 100755 --- a/tests/shell/testcases/include/0020include_chain_0 +++ b/tests/shell/testcases/include/0020include_chain_0 @@ -20,4 +20,11 @@ RULESET2="chain inet filter input2 { echo "$RULESET2" > $tmpfile1 +RULESET3="create chain inet filter output2 { + type filter hook output priority filter; policy accept; + ip daddr 1.2.3.4 tcp dport { 22, 443, 123 } drop +}" + +echo "$RULESET3" >> $tmpfile1 + $NFT -o -f - <<< $RULESET |
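
Review bot: Nothing in the visible lines of this hunk verifies that the appended RULESET3 chain was created with its rule intact; the test only proves that `$NFT -o -f -` exits without aborting. Since the commit message says unexpanded create commands mean elements are never evaluated, consider checking after the load that chain `output2` exists and still carries the `tcp dport { 22, 443, 123 } drop` rule, or confirm that an expected dump for this testcase is updated elsewhere in the commit. Two smaller points: `echo "$RULESET3" >> $tmpfile1` leaves `$tmpfile1` unquoted (consistent with the existing `echo "$RULESET2" > $tmpfile1`, but quoting both would be safer), and this file only covers the `create chain` form, so the `create set` reproducer with `elements = $ip-block-4` and `flags interval` from the commit message needs its own testcase if it is not among the files outside this limited diffstat.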