diff options
author | Florian Westphal <fw@strlen.de> | 2021-08-20 11:52:35 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2021-08-20 13:00:40 +0200 |
commit | 31b7210b5f66acb32c1c2a25cc096ab395be0760 (patch) | |
tree | 83979c22083f8320e03f7eb31b1cd482d8df35b2 | |
parent | 8062079da0102ea2859f1e5732da5ef9c0b9ee0c (diff) |
parser: permit symbolic define for 'queue num' again
WHen I simplified the parser to restrict 'queue num' I forgot that
instead of range and immediate value its also allowed to pass in
a variable expression, e.g.
define myq = 0
add rule ... 'queue num $myq bypass'
Allow those as well and add a test case for this.
Fixes: 767f0af82a389 ("parser: restrict queue num expressiveness")
Reported-by: Amish <anon.amish@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
-rw-r--r-- | src/parser_bison.y | 1 | ||||
-rwxr-xr-x | tests/shell/testcases/nft-f/0012different_defines_0 | 7 | ||||
-rw-r--r-- | tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft | 5 |
3 files changed, 13 insertions, 0 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y index 83f0250a..6b87ece5 100644 --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -3792,6 +3792,7 @@ queue_stmt_arg : QUEUENUM queue_stmt_expr_simple queue_stmt_expr_simple : integer_expr | range_rhs_expr + | variable_expr ; queue_stmt_expr : numgen_expr diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0 index 0bdbd1b5..fe228587 100755 --- a/tests/shell/testcases/nft-f/0012different_defines_0 +++ b/tests/shell/testcases/nft-f/0012different_defines_0 @@ -14,6 +14,8 @@ define d_ipv4_2 = 10.0.0.2 define d_ipv6 = fe0::1 define d_ipv6_2 = fe0::2 define d_ports = 100-222 +define d_qnum = 0 +define d_qnumr = 1-42 table inet t { chain c { @@ -29,6 +31,11 @@ table inet t { ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept } tcp dport \$d_ports udp dport vmap { \$d_ports : accept } + tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue num \$d_qnum bypass + tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue num \$d_qnumr + tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue flags bypass,fanout num \$d_qnumr + tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue to symhash mod 2 + tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue flags bypass to jhash tcp dport . tcp sport mod 4 } }" diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft index 28094387..e690f322 100644 --- a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft +++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft @@ -12,5 +12,10 @@ table inet t { ip daddr . iif vmap { 10.0.0.0 . "lo" : accept } tcp dport 100-222 udp dport vmap { 100-222 : accept } + tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass num 0 + tcp sport 1 tcp dport 1 oifname "foobar" queue num 1-42 + tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass,fanout num 1-42 + tcp sport 1 tcp dport 1 oifname "foobar" queue to symhash mod 2 + tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass to jhash tcp dport . tcp sport mod 4 } } |