From 8e58e96075dea109d217ba7070043e0d5d574b66 Mon Sep 17 00:00:00 2001
From: "Jose M. Guisado Gomez" <guigom@riseup.net>
Date: Thu, 10 Sep 2020 18:40:20 +0200
Subject: parser_bison: fail when specifying multiple comments

Before this patch grammar supported specifying multiple comments, and
only the last value would be assigned.

This patch adds a function to test if an attribute is already assigned
and, if so, calls erec_queue with this attribute location.

Use this function in order to check for duplication (or more) of comments
for actions that support it.

> nft add table inet filter { flags "dormant"\; comment "test"\; comment "another"\;}

Error: You can only specify this once. This statement is duplicated.
add table inet filter { flags dormant; comment test; comment another;}
                                                     ^^^^^^^^^^^^^^^^

Signed-off-by: Jose M. Guisado Gomez <guigom@riseup.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 .../testcases/optionals/comments_objects_dup_0     | 97 ++++++++++++++++++++++
 1 file changed, 97 insertions(+)
 create mode 100755 tests/shell/testcases/optionals/comments_objects_dup_0

(limited to 'tests/shell')

diff --git a/tests/shell/testcases/optionals/comments_objects_dup_0 b/tests/shell/testcases/optionals/comments_objects_dup_0
new file mode 100755
index 00000000..79d975a2
--- /dev/null
+++ b/tests/shell/testcases/optionals/comments_objects_dup_0
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+EXPECTED='table ip filter {
+	quota q {
+		over 1200 bytes
+		comment "test1"
+		comment "test1"
+	}
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
+
+EXPECTED='table ip filter {
+	counter c {
+		packets 0 bytes 0
+		comment "test2"
+		comment "test2"
+	}
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
+
+EXPECTED='table ip filter {
+	ct helper h {
+		type "sip" protocol tcp
+		l3proto ip
+		comment "test3"
+		comment "test3"
+	}
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
+
+EXPECTED='table ip filter {
+	ct expectation e {
+		protocol tcp
+		dport 666
+		timeout 100ms
+		size 96
+		l3proto ip
+		comment "test4"
+		comment "test4"
+	}
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
+
+EXPECTED='table ip filter {
+	limit l {
+		rate 400/hour
+		comment "test5"
+		comment "test5"
+	}
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
+
+EXPECTED='table ip filter {
+	synproxy s {
+		mss 1460
+		wscale 2
+		comment "test6"
+		comment "test6"
+	}
+}
+'
+
+$NFT -f - <<< "$EXPECTED"
+if [ $? -eq 0 ]
+then
+	exit 1
+fi
-- 
cgit v1.2.3