authorPablo Neira Ayuso <pablo@netfilter.org>2016-08-29 17:16:35 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2016-08-29 20:30:29 +0200
commita26d13e2b099d750e5333a563f5d802bf568eb59 (patch)
treeeccffa3782d27b62721568d4cedc810eee409cf9
parent7a3d6802ddcb40d2339a461762afdb0328a3beb7 (diff)
parser_bison: allow variable references in set elements definition
Andreas reports that he cannot use variables in set definitions: define s-ext-2-int = 10.10.10.10 . 25, 10.10.10.10 . 143 set s-ext-2-int { type ipv4_addr . inet_service elements = { $s-ext-2-int } } This syntax is not correct though, since the curly braces should be placed in the variable definition itself, so we have context to handle this variable as a list of set elements. The correct syntax that works after this patch is: define s-ext-2-int = { 10.10.10.10 . 25, 10.10.10.10 . 143 } table inet forward { set s-ext-2-int { type ipv4_addr . inet_service elements = $s-ext-2-int } } Reported-by: Andreas Hainke <andreas.hainke@foteviken.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r--src/parser_bison.y12
-rwxr-xr-xtests/shell/testcases/nft-f/0009variable_023
2 files changed, 31 insertions, 4 deletions
diff --git a/src/parser_bison.y b/src/parser_bison.y
index a87468e2..aac10dcc 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -525,8 +525,8 @@ static void location_update(struct location *loc, struct location *rhs, int n)
%type <expr> verdict_map_expr verdict_map_list_expr verdict_map_list_member_expr
%destructor { expr_free($$); } verdict_map_expr verdict_map_list_expr verdict_map_list_member_expr
-%type <expr> set_expr set_list_expr set_list_member_expr
-%destructor { expr_free($$); } set_expr set_list_expr set_list_member_expr
+%type <expr> set_expr set_block_expr set_list_expr set_list_member_expr
+%destructor { expr_free($$); } set_expr set_block_expr set_list_expr set_list_member_expr
%type <expr> set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr
%destructor { expr_free($$); } set_elem_expr set_elem_expr_alloc set_lhs_expr set_rhs_expr
%type <expr> set_elem_expr_stmt set_elem_expr_stmt_alloc
@@ -1061,7 +1061,7 @@ set_block : /* empty */ { $$ = $<set>-1; }
$1->gc_int = $3 * 1000;
$$ = $1;
}
- | set_block ELEMENTS '=' set_expr
+ | set_block ELEMENTS '=' set_block_expr
{
$1->init = $4;
$$ = $1;
@@ -1069,6 +1069,10 @@ set_block : /* empty */ { $$ = $<set>-1; }
| set_block set_mechanism stmt_seperator
;
+set_block_expr : set_expr
+ | variable_expr
+ ;
+
set_flag_list : set_flag_list COMMA set_flag
{
$$ = $1 | $3;
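Review bot: The new `set_block_expr` rule accepts any `variable_expr`, so `$1->init` in the `set_block` and `map_block` ELEMENTS rules (the hunks at -1061 and -1104) can now hold a symbol that resolves to something other than a set expression, for example a variable defined as a single address. Nothing in this diff touches the evaluation step, so please confirm that the resolved expression's type is checked there and that a non-set variable is rejected with an error pointing at the variable, rather than being handled as a set initializer. A one-line comment above the rule would record the contract, e.g. `/* elements = { ... } | $var; $var must resolve to a set expression, to be verified at evaluation */`.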
@@ -1104,7 +1108,7 @@ map_block : /* empty */ { $$ = $<set>-1; }
$1->flags |= $3;
$$ = $1;
}
- | map_block ELEMENTS '=' set_expr
+ | map_block ELEMENTS '=' set_block_expr
{
$1->init = $4;
$$ = $1;
diff --git a/tests/shell/testcases/nft-f/0009variable_0 b/tests/shell/testcases/nft-f/0009variable_0
new file mode 100755
index 00000000..4d387074
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0009variable_0
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+tmpfile=$(mktemp)
+if [ ! -w $tmpfile ] ; then
+ echo "Failed to create tmp file" >&2
+ exit 0
+fi
+
+trap "rm -rf $tmpfile" EXIT # cleanup if aborted
+
+RULESET="define concat-set-variable = { 10.10.10.10 . 25, 10.10.10.10 . 143 }
+
+table inet forward {
+ set concat-set-variable {
+ type ipv4_addr . inet_service
+ elements = \$concat-set-variable
+ }
+}"
+
+echo "$RULESET" > $tmpfile
+$NFT -f $tmpfile
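Review bot: The test passes as soon as `$NFT -f $tmpfile` exits zero; it never reads the ruleset back, so a parser that accepted the variable but loaded the wrong or no elements would still pass. Comparing the output of `$NFT list ruleset` against the expected set would pin the behaviour, and a second case for `map_block` plus a negative case (a variable that is not a set must fail to load) would cover the rest of the grammar change. Separately, `exit 0` after "Failed to create tmp file" reports a broken setup as a pass; `exit 1` is the safer result there. The trap string is expanded when it is defined and `$tmpfile` is unquoted throughout; `trap 'rm -f "$tmpfile"' EXIT` avoids both problems and drops the unnecessary `-r`.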