diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-22 21:38:18 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-06-23 13:04:24 +0200 |
commit | dd084d6bfc32ce492084bed9d5e90aeef171503a (patch) | |
tree | 9a0f85bb3842845a97589ec189f8033968f2b65e /tests/shell/testcases/maps | |
parent | f8bf621362cc7fa45731c87ef485f7fb298e1e13 (diff) |
evaluate: fix maps with key and data concatenations
expr_evaluate_concat() is overloaded, it deals with two cases:
#1 set key and data definitions, this case uses the special
dynamically created concatenation datatype which is taken
from the context.
#2 set elements, this case iterates over the set key and data
expressions that are components of the concatenation tuple,
to fetch the corresponding datatype.
Add a new function to deal with case #1 specifically.
This patch is implicitly fixing up map that include arbitrary
concatenations. This is failing with a spurious error report such as:
# cat bug.nft
table x {
map test {
type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service
}
}
# nft -f bug.nft
bug.nft:3:48-71: Error: datatype mismatch, expected concatenation of (IPv4 address, Internet protocol, internet network service), expression has type concatenation of (IPv4 address, internet network service)
type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service
^^^^^^^^^^^^^^^^^^^^^^^^
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell/testcases/maps')
-rwxr-xr-x | tests/shell/testcases/maps/0010concat_map_0 | 19 | ||||
-rw-r--r-- | tests/shell/testcases/maps/dumps/0010concat_map_0.nft | 11 |
2 files changed, 30 insertions, 0 deletions
diff --git a/tests/shell/testcases/maps/0010concat_map_0 b/tests/shell/testcases/maps/0010concat_map_0 new file mode 100755 index 00000000..4848d972 --- /dev/null +++ b/tests/shell/testcases/maps/0010concat_map_0 @@ -0,0 +1,19 @@ +#!/bin/bash + +set -e + +EXPECTED="table inet x { + map z { + type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service + elements = { + 1.1.1.1 . tcp . 20 : 2.2.2.2 . 30 + } + } + + chain y { + type nat hook prerouting priority dstnat; + dnat ip addr . port to ip saddr . ip protocol . tcp dport map @z + } +}" + +$NFT -f - <<< "$EXPECTED" diff --git a/tests/shell/testcases/maps/dumps/0010concat_map_0.nft b/tests/shell/testcases/maps/dumps/0010concat_map_0.nft new file mode 100644 index 00000000..328c653c --- /dev/null +++ b/tests/shell/testcases/maps/dumps/0010concat_map_0.nft @@ -0,0 +1,11 @@ +table inet x { + map z { + type ipv4_addr . inet_proto . inet_service : ipv4_addr . inet_service + elements = { 1.1.1.1 . tcp . 20 : 2.2.2.2 . 30 } + } + + chain y { + type nat hook prerouting priority dstnat; policy accept; + meta nfproto ipv4 dnat ip addr . port to ip saddr . ip protocol . tcp dport map @z + } +} |