WHen I simplified the parser to restrict 'queue num' I forgot that
instead of range and immediate value its also allowed to pass in
a symbolic constant, e.g.
define myq = 0
add rule ... 'queue num $myq bypass'
Allow those as well and add a test case for this.
Fixes: 767f0af82a389 ("parser: restrict queue num expressiveness")
Reported-by: Amish <anon.amish@xxxxxxxxx>
Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
---
src/parser_bison.y | 1 +
tests/shell/testcases/nft-f/0012different_defines_0 | 7 +++++++
.../testcases/nft-f/dumps/0012different_defines_0.nft | 5 +++++
3 files changed, 13 insertions(+)
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 2634b90c559b..2c96ea69d0b2 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3793,6 +3793,7 @@ queue_stmt_arg : QUEUENUM queue_stmt_expr_simple
queue_stmt_expr_simple : integer_expr
| range_rhs_expr
+ | symbol_expr
;
queue_stmt_expr : numgen_expr
diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0
index 0bdbd1b5f147..fe22858791a1 100755
--- a/tests/shell/testcases/nft-f/0012different_defines_0
+++ b/tests/shell/testcases/nft-f/0012different_defines_0
@@ -14,6 +14,8 @@ define d_ipv4_2 = 10.0.0.2
define d_ipv6 = fe0::1
define d_ipv6_2 = fe0::2
define d_ports = 100-222
+define d_qnum = 0
+define d_qnumr = 1-42
table inet t {
chain c {
@@ -29,6 +31,11 @@ table inet t {
ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept }
tcp dport \$d_ports
udp dport vmap { \$d_ports : accept }
+ tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue num \$d_qnum bypass
+ tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue num \$d_qnumr
+ tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue flags bypass,fanout num \$d_qnumr
+ tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue to symhash mod 2
+ tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue flags bypass to jhash tcp dport . tcp sport mod 4
}
}"
diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
index 28094387ebed..e690f322436d 100644
--- a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
+++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
@@ -12,5 +12,10 @@ table inet t {
ip daddr . iif vmap { 10.0.0.0 . "lo" : accept }
tcp dport 100-222
udp dport vmap { 100-222 : accept }
+ tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass num 0
+ tcp sport 1 tcp dport 1 oifname "foobar" queue num 1-42
+ tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass,fanout num 1-42
+ tcp sport 1 tcp dport 1 oifname "foobar" queue to symhash mod 2
+ tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass to jhash tcp dport . tcp sport mod 4
}
}
--
2.31.1
