diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-07-09 00:13:56 +0200 |
|---|---|---|
| committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2025-07-10 00:12:58 +0200 |
| commit | eb30f236d91a8d61ece789e28e6540b3a3fa2a6a (patch) | |
| tree | b3f7d15ce422d6f04da0c9598b90fe292305b7c0 | |
| parent | cfd768615235bb89650f15498c70d19813502825 (diff) | |
rule: print chain and flowtable devices in quotes
Print devices in quotes, for consistency with:
- the existing chain listing with single device:
type filter hook ingress device "lo" priority filter; policy accept
- the ifname datatype used in sets.
In general, tokens that are user-defined, not coming in the datatype
symbol list, are enclosed in quotes.
Fixes: 3fdc7541fba0 ("src: add multidevice support for netdev chain")
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
12 files changed, 21 insertions, 21 deletions
@@ -1062,7 +1062,7 @@ static void chain_print_declaration(const struct chain *chain, } else if (chain->dev_array_len > 1) { nft_print(octx, " devices = { "); for (i = 0; i < chain->dev_array_len; i++) { - nft_print(octx, "%s", chain->dev_array[i]); + nft_print(octx, "\"%s\"", chain->dev_array[i]); if (i + 1 != chain->dev_array_len) nft_print(octx, ", "); } @@ -2149,7 +2149,7 @@ static void flowtable_print_declaration(const struct flowtable *flowtable, if (flowtable->dev_array_len > 0) { nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab); for (i = 0; i < flowtable->dev_array_len; i++) { - nft_print(octx, "%s", flowtable->dev_array[i]); + nft_print(octx, "\"%s\"", flowtable->dev_array[i]); if (i + 1 != flowtable->dev_array_len) nft_print(octx, ", "); } diff --git a/tests/shell/features/flowtable_counter.sh b/tests/shell/features/flowtable_counter.sh index a4c4c621..5d47215f 100755 --- a/tests/shell/features/flowtable_counter.sh +++ b/tests/shell/features/flowtable_counter.sh @@ -6,7 +6,7 @@ EXPECTED="table ip filter2 { flowtable main_ft2 { hook ingress priority filter - devices = { lo } + devices = { \"lo\" } counter } }" diff --git a/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft index 84a908d3..08a19014 100644 --- a/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft +++ b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft @@ -5,12 +5,12 @@ table netdev filter1 { } table netdev filter2 { chain Main_Ingress2 { - type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept; + type filter hook ingress devices = { "d23456789012345", "lo" } priority -500; policy accept; } } table netdev filter3 { chain Main_Ingress3 { - type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept; + type filter hook ingress devices = { "d23456789012345", "lo" } priority -500; policy accept; } chain Main_Egress3 { diff --git a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft index 629bfe81..79fa5913 100644 --- a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft +++ b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft @@ -1,7 +1,7 @@ table inet t { flowtable f { hook ingress priority filter + 10 - devices = { lo } + devices = { "lo" } } chain c { diff --git a/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft index aecfb2ab..2d0ea905 100644 --- a/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft +++ b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft @@ -1,6 +1,6 @@ table ip t { flowtable f { hook ingress priority filter + 10 - devices = { lo } + devices = { "lo" } } } diff --git a/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft index dd904f44..39de91b1 100644 --- a/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft +++ b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft @@ -1,6 +1,6 @@ table ip x { flowtable y { hook ingress priority filter - devices = { lo } + devices = { "lo" } } } diff --git a/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft index c1d79e7b..b01b3027 100644 --- a/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft +++ b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft @@ -1,7 +1,7 @@ table ip x { flowtable y { hook ingress priority filter - devices = { lo } + devices = { "lo" } } chain x { diff --git a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft index df1c51a2..7863822d 100644 --- a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft +++ b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft @@ -1,14 +1,14 @@ table ip filter1 { flowtable Main_ft1 { hook ingress priority filter - devices = { lo } + devices = { "lo" } counter } } table ip filter2 { flowtable Main_ft2 { hook ingress priority filter - devices = { lo } + devices = { "lo" } counter } } diff --git a/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft index 67db7d02..585f63b1 100644 --- a/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft +++ b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft @@ -1,6 +1,6 @@ table inet filter { flowtable f { hook ingress priority filter - 1 - devices = { lo } + devices = { "lo" } } } diff --git a/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft index 145aa081..12f97a75 100644 --- a/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft +++ b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft @@ -1,7 +1,7 @@ table inet filter { flowtable f { hook ingress priority filter - 1 - devices = { lo } + devices = { "lo" } counter } diff --git a/tests/shell/testcases/listing/0020flowtable_0 b/tests/shell/testcases/listing/0020flowtable_0 index 14b0c909..84f51897 100755 --- a/tests/shell/testcases/listing/0020flowtable_0 +++ b/tests/shell/testcases/listing/0020flowtable_0 @@ -8,11 +8,11 @@ set -e FLOWTABLES="flowtable f { hook ingress priority filter - devices = { lo } + devices = { \"lo\" } } flowtable f2 { hook ingress priority filter - devices = { d0 } + devices = { \"d0\" } }" RULESET="table inet filter { @@ -25,23 +25,23 @@ table ip filter { EXPECTED="table inet filter { flowtable f { hook ingress priority filter - devices = { lo } + devices = { \"lo\" } } }" EXPECTED2="table ip filter { flowtable f2 { hook ingress priority filter - devices = { d0 } + devices = { \"d0\" } } }" EXPECTED3="table ip filter { flowtable f { hook ingress priority filter - devices = { lo } + devices = { \"lo\" } } flowtable f2 { hook ingress priority filter - devices = { d0 } + devices = { \"d0\" } } }" diff --git a/tests/shell/testcases/listing/dumps/0020flowtable_0.nft b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft index 4a64e531..0962e73a 100644 --- a/tests/shell/testcases/listing/dumps/0020flowtable_0.nft +++ b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft @@ -1,7 +1,7 @@ table inet filter { flowtable f { hook ingress priority filter - devices = { lo } + devices = { "lo" } } flowtable f2 { @@ -11,7 +11,7 @@ table inet filter { table ip filter { flowtable f { hook ingress priority filter - devices = { lo } + devices = { "lo" } } flowtable f2 { |