diff options
author | Florian Westphal <fw@strlen.de> | 2022-06-10 13:01:46 +0200 |
---|---|---|
committer | Florian Westphal <fw@strlen.de> | 2022-06-10 13:09:11 +0200 |
commit | 638af0ceb2b22307098bb2730822e148ef0b9424 (patch) | |
tree | ec439ae301850e2f531d5edc7de19872f6921542 /tests/shell/testcases | |
parent | 3eb0da9f47b10d4a98e9150e0fd67d8f616250f9 (diff) |
Revert "scanner: flags: move to own scope"
Excess nesting of scanner scopes is very fragile and error prone:
rule `iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop`
fails with `Error: No symbol type information` hinting at `prefix`
Problem is that we nest via:
counter
limit
log
flags
By the time 'prefix' is scanned, state is still stuck in 'counter' due
to this nesting. Working around "prefix" isn't enough, any other
keyword, e.g. "level" in 'flags all level debug' will be parsed as 'string' too.
So, revert this.
Fixes: a16697097e2b ("scanner: flags: move to own scope")
Reported-by: Christian Göttsche <cgzones@googlemail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Diffstat (limited to 'tests/shell/testcases')
-rwxr-xr-x | tests/shell/testcases/parsing/log | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/tests/shell/testcases/parsing/log b/tests/shell/testcases/parsing/log new file mode 100755 index 00000000..0b89d589 --- /dev/null +++ b/tests/shell/testcases/parsing/log @@ -0,0 +1,10 @@ +#!/bin/bash + +$NFT add table t || exit 1 +$NFT add chain t c || exit 1 +$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all prefix "nft_lo4 " drop' || exit 1 +$NFT add rule t c 'iif != lo ip daddr 127.0.0.1/8 counter limit rate 1/second log flags all level debug drop' || exit 1 +$NFT delete table t || exit 1 + +exit 0 + |