From 767f0af82a3896a9a643de281cb020d04a7b7cf0 Mon Sep 17 00:00:00 2001 From: Florian Westphal Date: Wed, 16 Jun 2021 00:43:46 +0200 Subject: parser: restrict queue num expressiveness Else we run into trouble once we allow queue num symhash mod 4 and 1 and so on. Example problem: queue num jhash ip saddr mod 4 and 1 bypass This will fail to parse because the scanner is in the wrong state (ip, not queue), so 'bypass' is parsed as a string. Currently, while nft will eat the above just fine (minus 'bypass'), nft rejects this from the evaluation phase with Error: queue number is not constant So seems we are lucky and can restrict the supported expressions to integer and range. Furthermore, the line looks wrong because this statement: queue num jhash ip saddr mod 4 and 1 bypass doesn't specifiy a number, "queue num 4" does, or "queue num 1-2" do. For arbitrary expr support it seems sensible to enforce stricter ordering to avoid any problems with the flags, for example: queue bypass,futurekeyword to jhash ip saddr mod 42 Signed-off-by: Florian Westphal
---
src/parser_bison.y | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'src/parser_bison.y')
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 5e702a05..a329538a 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -705,6 +705,8 @@ int nft_lex(void *, void *, void *);
 %type queue_stmt queue_stmt_alloc
 %destructor { stmt_free($$); } queue_stmt queue_stmt_alloc
+%type queue_stmt_expr
+%destructor { expr_free($$); } queue_stmt_expr
 %type queue_stmt_flags queue_stmt_flag
 %type dup_stmt
 %destructor { stmt_free($$); } dup_stmt
@@ -3753,7 +3755,7 @@ queue_stmt_args : queue_stmt_arg
 | queue_stmt_args queue_stmt_arg
 ;
-queue_stmt_arg : QUEUENUM stmt_expr
+queue_stmt_arg : QUEUENUM queue_stmt_expr
 {
 $0->queue.queue = $2;
 $0->queue.queue->location = @$;
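Review bot: In the `queue_stmt_arg` action, `$0->queue.queue = $2;` overwrites whatever an earlier `num` argument stored. Because `queue_stmt_args` is a repeatable list, nothing visible in this hunk stops `num` from being given twice, in which case the first expression would probably be leaked. Since the operand now has its own `queue_stmt_expr` type, this is a natural place to reject the duplicate or release the old value first, for example `expr_free($0->queue.queue);` ahead of the assignment (assuming `expr_free` accepts NULL — confirm). The action body continues past the end of the hunk, so a guard further down cannot be ruled out.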
@@ -3764,6 +3766,10 @@ queue_stmt_arg : QUEUENUM stmt_expr
 }
 ;
+queue_stmt_expr : integer_expr
+ | range_rhs_expr
+ ;
+
 queue_stmt_flags : queue_stmt_flag
 | queue_stmt_flags COMMA queue_stmt_flag
 {
--
cgit v1.2.3
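Review bot: The new `queue_stmt_expr` rule carries no comment explaining why the operand is limited to `integer_expr` and `range_rhs_expr`; the reason (an arbitrary expression leaves the scanner in the wrong state, so a trailing `bypass` is lexed as a string) is recorded only in the commit message. I would add above the rule: `/* queue num takes a constant or a range only; arbitrary expressions leave the scanner outside the queue state and break flag parsing */`. `range_rhs_expr` is defined outside this hunk, so if its operands admit more than integer literals, the evaluation-phase "queue number is not constant" check is still what enforces the constraint and should stay in place. A parser test asserting that a `jhash` operand is now rejected at parse time would pin the new behaviour.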