diff options
author | Jose M. Guisado Gomez <guigom@riseup.net> | 2020-09-10 18:40:20 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-09-14 13:44:34 +0200 |
commit | 8e58e96075dea109d217ba7070043e0d5d574b66 (patch) | |
tree | a8f015184e1798ec8cc2043b6faf04b887b0d5c2 /tests/shell | |
parent | 293c9b114faef074dbbda06df73f86317d28ef9b (diff) |
parser_bison: fail when specifying multiple comments
Before this patch grammar supported specifying multiple comments, and
only the last value would be assigned.
This patch adds a function to test if an attribute is already assigned
and, if so, calls erec_queue with this attribute location.
Use this function in order to check for duplication (or more) of comments
for actions that support it.
> nft add table inet filter { flags "dormant"\; comment "test"\; comment "another"\;}
Error: You can only specify this once. This statement is duplicated.
add table inet filter { flags dormant; comment test; comment another;}
^^^^^^^^^^^^^^^^
Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'tests/shell')
-rwxr-xr-x | tests/shell/testcases/optionals/comments_objects_dup_0 | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/tests/shell/testcases/optionals/comments_objects_dup_0 b/tests/shell/testcases/optionals/comments_objects_dup_0 new file mode 100755 index 00000000..79d975a2 --- /dev/null +++ b/tests/shell/testcases/optionals/comments_objects_dup_0 @@ -0,0 +1,97 @@ +#!/bin/bash + +EXPECTED='table ip filter { + quota q { + over 1200 bytes + comment "test1" + comment "test1" + } +} +' + +$NFT -f - <<< "$EXPECTED" +if [ $? -eq 0 ] +then + exit 1 +fi + +EXPECTED='table ip filter { + counter c { + packets 0 bytes 0 + comment "test2" + comment "test2" + } +} +' + +$NFT -f - <<< "$EXPECTED" +if [ $? -eq 0 ] +then + exit 1 +fi + +EXPECTED='table ip filter { + ct helper h { + type "sip" protocol tcp + l3proto ip + comment "test3" + comment "test3" + } +} +' + +$NFT -f - <<< "$EXPECTED" +if [ $? -eq 0 ] +then + exit 1 +fi + +EXPECTED='table ip filter { + ct expectation e { + protocol tcp + dport 666 + timeout 100ms + size 96 + l3proto ip + comment "test4" + comment "test4" + } +} +' + +$NFT -f - <<< "$EXPECTED" +if [ $? -eq 0 ] +then + exit 1 +fi + +EXPECTED='table ip filter { + limit l { + rate 400/hour + comment "test5" + comment "test5" + } +} +' + +$NFT -f - <<< "$EXPECTED" +if [ $? -eq 0 ] +then + exit 1 +fi + +EXPECTED='table ip filter { + synproxy s { + mss 1460 + wscale 2 + comment "test6" + comment "test6" + } +} +' + +$NFT -f - <<< "$EXPECTED" +if [ $? -eq 0 ] +then + exit 1 +fi |