[PATCH nft] parser_bison: restore variable expression in queue statement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



define ips_queue = 0
add rule ip foo snortips queue num $ips_queue bypass

And it gave error in nftables 1.0.0:

/etc/nftables4.conf:19:49-54: Error: syntax error, unexpected bypass, expecting -
add rule ip foo snortips queue num $ips_queue bypass

Signed-off-by: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>
---
 src/parser_bison.y                                |  1 +
 tests/shell/testcases/nft-f/0022variables_0       |  2 ++
 .../testcases/nft-f/dumps/0022variables_0.nft     | 15 +++++++++++++++
 3 files changed, 18 insertions(+)
 create mode 100644 tests/shell/testcases/nft-f/dumps/0022variables_0.nft

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 83f0250a8744..6b87ece55a69 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3792,6 +3792,7 @@ queue_stmt_arg		:	QUEUENUM	queue_stmt_expr_simple
 
 queue_stmt_expr_simple	:	integer_expr
 			|	range_rhs_expr
+			|	variable_expr
 			;
 
 queue_stmt_expr		:	numgen_expr
diff --git a/tests/shell/testcases/nft-f/0022variables_0 b/tests/shell/testcases/nft-f/0022variables_0
index ee17a6272aa3..00ab550e4009 100755
--- a/tests/shell/testcases/nft-f/0022variables_0
+++ b/tests/shell/testcases/nft-f/0022variables_0
@@ -3,6 +3,7 @@
 set -e
 
 RULESET="define test1 = @y
+define ips_queue = 1
 
 table ip x {
 	set y {
@@ -15,6 +16,7 @@ table ip x {
 		add \$test1 { ip saddr }
 		update \$test1 { ip saddr timeout 30s }
 		ip saddr \$test1
+		queue flags bypass num \$ips_queue
 	}
 }"
 
diff --git a/tests/shell/testcases/nft-f/dumps/0022variables_0.nft b/tests/shell/testcases/nft-f/dumps/0022variables_0.nft
new file mode 100644
index 000000000000..6b87f8798287
--- /dev/null
+++ b/tests/shell/testcases/nft-f/dumps/0022variables_0.nft
@@ -0,0 +1,15 @@
+table ip x {
+	set y {
+		type ipv4_addr
+		size 65535
+		flags dynamic,timeout
+	}
+
+	chain z {
+		type filter hook input priority filter; policy accept;
+		add @y { ip saddr }
+		update @y { ip saddr timeout 30s }
+		ip saddr @y
+		queue flags bypass num 1
+	}
+}
-- 
2.20.1




[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux