define ips_queue = 0
add rule ip foo snortips queue num $ips_queue bypass
And it gave error in nftables 1.0.0:
/etc/nftables4.conf:19:49-54: Error: syntax error, unexpected bypass, expecting -
add rule ip foo snortips queue num $ips_queue bypass
Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
src/parser_bison.y | 1 +
tests/shell/testcases/nft-f/0022variables_0 | 2 ++
.../testcases/nft-f/dumps/0022variables_0.nft | 15 +++++++++++++++
3 files changed, 18 insertions(+)
create mode 100644 tests/shell/testcases/nft-f/dumps/0022variables_0.nft
diff --git a/src/parser_bison.y b/src/parser_bison.y
index 83f0250a8744..6b87ece55a69 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3792,6 +3792,7 @@ queue_stmt_arg : QUEUENUM queue_stmt_expr_simple
queue_stmt_expr_simple : integer_expr
| range_rhs_expr
+ | variable_expr
;
queue_stmt_expr : numgen_expr
diff --git a/tests/shell/testcases/nft-f/0022variables_0 b/tests/shell/testcases/nft-f/0022variables_0
index ee17a6272aa3..00ab550e4009 100755
--- a/tests/shell/testcases/nft-f/0022variables_0
+++ b/tests/shell/testcases/nft-f/0022variables_0
@@ -3,6 +3,7 @@
set -e
RULESET="define test1 = @y
+define ips_queue = 1
table ip x {
set y {
@@ -15,6 +16,7 @@ table ip x {
add \$test1 { ip saddr }
update \$test1 { ip saddr timeout 30s }
ip saddr \$test1
+ queue flags bypass num \$ips_queue
}
}"
diff --git a/tests/shell/testcases/nft-f/dumps/0022variables_0.nft b/tests/shell/testcases/nft-f/dumps/0022variables_0.nft
new file mode 100644
index 000000000000..6b87f8798287
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0022variables_0.nft
@@ -0,0 +1,15 @@
+table ip x {
+ set y {
+ type ipv4_addr
+ size 65535
+ flags dynamic,timeout
+ }
+
+ chain z {
+ type filter hook input priority filter; policy accept;
+ add @y { ip saddr }
+ update @y { ip saddr timeout 30s }
+ ip saddr @y
+ queue flags bypass num 1
+ }
+}
--
2.20.1
