-rw-r--r--src/datatype.c11
-rw-r--r--src/evaluate.c7
-rw-r--r--src/parser_bison.y3
-rwxr-xr-xtests/shell/testcases/nft-f/0018jump_variable_019
-rwxr-xr-xtests/shell/testcases/nft-f/0019jump_variable_120
-rwxr-xr-xtests/shell/testcases/nft-f/0020jump_variable_120
-rw-r--r--tests/shell/testcases/nft-f/dumps/0018jump_variable_0.nft8
7 files changed, 87 insertions, 1 deletions
diff --git a/src/datatype.c b/src/datatype.c
index 10f185bc..1d5ed6f7 100644
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -309,11 +309,22 @@ static void verdict_type_print(const struct expr *expr, struct output_ctx *octx)
}
}
+static struct error_record *verdict_type_parse(const struct expr *sym,
+ struct expr **res)
+{
+ *res = constant_expr_alloc(&sym->location, &string_type,
+ BYTEORDER_HOST_ENDIAN,
+ (strlen(sym->identifier) + 1) * BITS_PER_BYTE,
+ sym->identifier);
+ return NULL;
+}
+
const struct datatype verdict_type = {
.type = TYPE_VERDICT,
.name = "verdict",
.desc = "netfilter verdict",
.print = verdict_type_print,
+ .parse = verdict_type_parse,
};
static const struct symbol_table nfproto_tbl = {
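Review bot: verdict_type_parse() takes `sym->identifier` verbatim and always returns NULL, so a variable holding an empty or overlong string becomes a jump target with no error at parse time. Chain names are bounded by the kernel (NFT_CHAIN_MAXNAMELEN), so a length check ahead of the allocation would reject bad values before later code copies the name, something like `if (strlen(sym->identifier) >= NFT_CHAIN_MAXNAMELEN) return error(&sym->location, "chain name too long");`. The length passed also counts the terminating NUL (`strlen(...) + 1`); the identifier branch of chain_expr in parser_bison.y is cut off in this diff, so it is worth confirming that both paths size the constant the same way. A one-line comment above the function, saying it turns a resolved variable into a string constant for jump/goto, would help as well.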
diff --git a/src/evaluate.c b/src/evaluate.c
index 83940378..55fb3b61 100644
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -1950,6 +1950,13 @@ static int stmt_evaluate_verdict(struct eval_ctx *ctx, struct stmt *stmt)
if (stmt->expr->chain != NULL) {
if (expr_evaluate(ctx, &stmt->expr->chain) < 0)
return -1;
+ if ((stmt->expr->chain->etype != EXPR_SYMBOL &&
+ stmt->expr->chain->etype != EXPR_VALUE) ||
+ stmt->expr->chain->symtype != SYMBOL_VALUE) {
+ return stmt_error(ctx, stmt,
+ "invalid verdict chain expression %s\n",
+ expr_name(stmt->expr->chain));
+ }
}
break;
case EXPR_MAP:
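Review bot: The added condition reads `stmt->expr->chain->symtype` even when etype is EXPR_VALUE. If symtype belongs to the symbol-specific part of struct expr (the definition is not in this diff), that read returns unrelated bytes for a value expression, and a valid chain name is accepted or rejected depending on memory contents. Since expr_evaluate() has just run, checking the expression type alone looks sufficient: `if (stmt->expr->chain->etype != EXPR_VALUE) {`. The message also ends in `\n`, which may print a doubled line break if stmt_error() already terminates its output. The body of stmt_evaluate_verdict starts and ends outside the hunk.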
diff --git a/src/parser_bison.y b/src/parser_bison.y
index f2583ade..62e76fe6 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3841,7 +3841,8 @@ verdict_expr : ACCEPT
}
;
-chain_expr : identifier
+chain_expr : variable_expr
+ | identifier
{
$$ = constant_expr_alloc(&@$, &string_type,
BYTEORDER_HOST_ENDIAN,
diff --git a/tests/shell/testcases/nft-f/0018jump_variable_0 b/tests/shell/testcases/nft-f/0018jump_variable_0
new file mode 100755
index 00000000..003a1bdf
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0018jump_variable_0
@@ -0,0 +1,19 @@
+#!/bin/bash
+
+# Tests use of variables in jump statements
+
+set -e
+
+RULESET="
+define dest = ber
+
+table ip foo {
+ chain bar {
+ jump \$dest
+ }
+
+ chain ber {
+ }
+}"
+
+$NFT -f - <<< "$RULESET"
diff --git a/tests/shell/testcases/nft-f/0019jump_variable_1 b/tests/shell/testcases/nft-f/0019jump_variable_1
new file mode 100755
index 00000000..bda861c9
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0019jump_variable_1
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Tests use of variables in jump statements
+
+set -e
+
+RULESET="
+define dest = { 1024 }
+
+table ip foo {
+ chain bar {
+ jump \$dest
+ }
+
+ chain ber {
+ }
+}"
+
+$NFT -f - <<< "$RULESET" && exit 1
+exit 0
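Review bot: The negative check `$NFT -f - <<< "$RULESET" && exit 1` passes on any non-zero exit, so a crash in nft (a signal gives an exit status of 128 or more) counts as success just like a clean rejection; 0020jump_variable_1 has the same line. Capturing and bounding the status keeps the test meaningful: `rc=0; $NFT -f - <<< "$RULESET" || rc=$?` followed by `[ "$rc" -ne 0 ] && [ "$rc" -lt 128 ]`. The header comment is copied from the positive test and should say that a set value must be rejected as a jump target.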
diff --git a/tests/shell/testcases/nft-f/0020jump_variable_1 b/tests/shell/testcases/nft-f/0020jump_variable_1
new file mode 100755
index 00000000..f753058f
--- /dev/null
+++ b/tests/shell/testcases/nft-f/0020jump_variable_1
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Tests use of variables in jump statements
+
+set -e
+
+RULESET="
+define dest = *
+
+table ip foo {
+ chain bar {
+ jump \$dest
+ }
+
+ chain ber {
+ }
+}"
+
+$NFT -f - <<< "$RULESET" && exit 1
+exit 0
diff --git a/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.nft b/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.nft
new file mode 100644
index 00000000..0ddaf07f
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0018jump_variable_0.nft
@@ -0,0 +1,8 @@
+table ip foo {
+ chain bar {
+ jump ber
+ }
+
+ chain ber {
+ }
+}