From b41418e247998e134ec872d1557daa38bcdbc6c7 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Mon, 26 Jul 2021 12:00:07 +0200
Subject: parser_bison: stateful statement support in map

Missing parser extension to support for stateful statements in map.

Signed-off-by: Pablo Neira Ayuso
---
 src/parser_bison.y | 6 ++++++
 tests/shell/testcases/maps/0011vmap_0 | 25 +++++++++++++++++++++++++
 tests/shell/testcases/maps/dumps/0011vmap_0.nft | 19 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100755 tests/shell/testcases/maps/0011vmap_0
 create mode 100644 tests/shell/testcases/maps/dumps/0011vmap_0.nft

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 5545a43d..b9b3d026 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -2052,6 +2052,12 @@ map_block : /* empty */ { $$ = $-1; }
 $1->flags |= $3;
 $$ = $1;
 }
+ | map_block stateful_stmt_list stmt_separator
+ {
+ list_splice_tail($2, &$1->stmt_list);
+ $$ = $1;
+ free($2);
+ }
 | map_block ELEMENTS '=' set_block_expr
 {
 $1->init = $4;
diff --git a/tests/shell/testcases/maps/0011vmap_0 b/tests/shell/testcases/maps/0011vmap_0
new file mode 100755
index 00000000..83704d48
--- /dev/null
+++ b/tests/shell/testcases/maps/0011vmap_0
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+set -e
+
+EXPECTED="table inet filter {
+ map portmap {
+ type inet_service : verdict
+ counter
+ }
+
+ chain ssh_input {
+ }
+
+ chain wan_input {
+ tcp dport vmap @portmap
+ }
+
+ chain prerouting {
+ type filter hook prerouting priority -300; policy accept;
+ iif vmap { "lo" : jump wan_input }
+ }
+}"
+
+$NFT -f - <<< "$EXPECTED"
+$NFT 'add element inet filter portmap { 22 : jump ssh_input, * : drop }'
diff --git a/tests/shell/testcases/maps/dumps/0011vmap_0.nft b/tests/shell/testcases/maps/dumps/0011vmap_0.nft
new file mode 100644
index 00000000..4a72b5e7
--- /dev/null
+++ b/tests/shell/testcases/maps/dumps/0011vmap_0.nft
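Review bot: The new `map_block stateful_stmt_list stmt_separator` action calls `free($2)` right after `list_splice_tail($2, &$1->stmt_list)` with no comment on ownership, so a reader has to work out that `$2` is presumably only the heap-allocated list head and that its entries now belong to the map. A one-line comment above the `free($2)`, such as `/* statements moved to $1->stmt_list; $2 is just the emptied list head */`, would make the lifetime explicit and guard against a later edit that touches `$2` after the splice. Because `map_block` is left-recursive, this alternative can match any number of times in one declaration and each match appends to `stmt_list`; whether a later stage bounds the number of statements per map is not visible here and is worth confirming. The `map_block` production starts and continues outside this hunk.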
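Review bot: The test declares the map with a single `counter` only, while the parser rule it accompanies accepts a whole `stateful_stmt_list`, so the splice path is never exercised with more than one statement or with a statement other than a counter. A second map in `EXPECTED` carrying a different stateful statement (assuming the kernel accepts it on a verdict map) would cover that. There is also no negative case, for example a ruleset that must be rejected, so a parser regression that accepts malformed map bodies would not be caught by this script.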
@@ -0,0 +1,19 @@
+table inet filter {
+ map portmap {
+ type inet_service : verdict
+ counter
+ elements = { 22 counter packets 0 bytes 0 : jump ssh_input, * counter packets 0 bytes 0 : drop }
+ }
+
+ chain ssh_input {
+ }
+
+ chain wan_input {
+ tcp dport vmap @portmap
+ }
+
+ chain prerouting {
+ type filter hook prerouting priority raw; policy accept;
+ iif vmap { "lo" : jump wan_input }
+ }
+}
-- 
cgit v1.2.3