Re: [PATCH nft] datatype: fix print of raw numerical symbol values

Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> · Mon, 17 Jun 2019 11:54:46 +0200

On Mon, Jun 17, 2019 at 01:48:17AM +0200, Florian Westphal wrote:
> Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
> > > This means we now respect format specifier as well:
> > > 	chain in_public {
> > >                 arp operation 1-2 accept
> > >                 arp operation 256-512 accept
> > >                 meta mark "0x00000001"
> > 
> > Hm, why is "1" turned into "0x00000001"?
> 
> Because it will now respect basefmt, and that is:
> 
> const struct datatype mark_type = {
> 	...
>         .basefmt        = "0x%.8Zx",

We don't want this, right? I mean, no quotes in that case.

> > >   Note there is a discrepancy between output when we have a symbol and
> > >   when we do not.
> > > 
> > >   Example, add rule:
> > >   meta mark "foo"
> > > 
> > >   (with '1 "foo"' in rt_marks), nft will print quotes when symbol
> > >   printing is inhibited via -n, but elides them in case the symbol
> > >   is not available.
> > 
> > Then, we also need a patch to regard NFT_CTX_OUTPUT_NUMERIC_ALL, right?
> 
> Not sure what you mean.

I mean:

# nft list ruleset
table ip x {
        chain y {
                meta mark "test"
        }
}
# nft list ruleset -n
table ip x {
        chain y {
                meta mark "20"
        }
}

This output with -n should not print quotes, ie. no "20".

> symbolic_constant_print()
> 
> does:
> 
>  if (no_symbol_found)
> 	return print_raw();
>  if (quotes)
> 	 nft_print(octx, "\"");
>  if (nft_output_numeric_symbol(octx))
> 	 expr_basetype(expr)->print(expr, octx);
>  else
> 	  nft_print(octx, "%s", s->identifier);
>   ...
> 
>  maybe either do:
> 
>  if (no_symbol_found) {
> 	 if (quotes)
> 		 ....
> 	print_raw();
>     ...
>     return;
>  }
> 
> (i.e., print quotes if no symbol found), or
> 
> if (nft_output_numeric_symbol(octx)) {
>    expr_basetype(expr)->print(expr, octx);
> } else {
>    if (quotes) ..
> 	  nft_print(octx, "\"%s\"", s->identifier);
>    else
> 	   nft_print(octx, "%s", s->identifier);
> }
> 
> i.e., only print the "" if we found a symbol translation.

Agreed :-).

BTW, this probably takes me back to the proposal not to strip off
quotes from the scanner step. Hence, quoted strings will trigger a
rt_mark lookup, otherwise we assume this is a 32-bit integer mark
type. I'm refering to the parser side, so meta mark "0x20" means:
Search for 0x20 key in rt_marks.