From 638af0ceb2b22307098bb2730822e148ef0b9424 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Fri, 10 Jun 2022 13:01:46 +0200 Subject: Revert "scanner: flags: move to own scope" MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Excess nesting of scanner scopes is very fragile and error prone: rule `iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop` fails with `Error: No symbol type information` hinting at `prefix` Problem is that we nest via: counter limit log flags By the time 'prefix' is scanned, state is still stuck in 'counter' due to this nesting. Working around "prefix" isn't enough, any other keyword, e.g. "level" in 'flags all level debug' will be parsed as 'string' too. So, revert this. Fixes: a16697097e2b ("scanner: flags: move to own scope") Reported-by: Christian Göttsche Signed-off-by: Florian Westphal --- tests/shell/testcases/parsing/log | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100755 tests/shell/testcases/parsing/log (limited to 'tests/shell') diff --git a/tests/shell/testcases/parsing/log b/tests/shell/testcases/parsing/log new file mode 100755 index 00000000..0b89d589 --- /dev/null +++ b/tests/shell/testcases/parsing/log @@ -0,0 +1,10 @@ +#!/bin/bash + +$NFT add table t || exit 1 +$NFT add chain t c || exit 1 +$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop' || exit 1 +$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all level debug drop' || exit 1 +$NFT delete table t || exit 1 + +exit 0 + -- cgit v1.2.3