On Sun, Mar 24, 2024 at 02:59:07PM +0000, Jeremy Sowden wrote:
> It is possible to use a variable to initialize a map, which is then used in a
> map statement:
>
> define m = { ::1234 : 5678 }
>
> table ip6 nat {
> map m {
> typeof ip6 daddr : tcp dport;
> elements = $m
> }
> chain prerouting {
> ip6 nexthdr tcp redirect to ip6 daddr map @m
> }
> }
>
> However, if one tries to use the variable directly in the statement:
>
> define m = { ::1234 : 5678 }
>
> table ip6 nat {
> chain prerouting {
> ip6 nexthdr tcp redirect to ip6 daddr map $m
> }
> }
>
> nft rejects it:
>
> /space/azazel/tmp/ruleset.1067161.nft:5:47-48: Error: invalid mapping expression variable
> ip6 nexthdr tcp redirect to ip6 daddr map $m
> ~~~~~~~~~ ^^
>
> Extend `expr_evaluate_map` to allow it.
>
> Add a test-case.
Thanks for your patch.
> Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067161
> Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx>
> ---
> src/evaluate.c | 1 +
> .../shell/testcases/maps/anonymous_snat_map_1 | 16 +++++
> .../maps/dumps/anonymous_snat_map_1.json-nft | 58 +++++++++++++++++++
> .../maps/dumps/anonymous_snat_map_1.nft | 5 ++
> 4 files changed, 80 insertions(+)
> create mode 100755 tests/shell/testcases/maps/anonymous_snat_map_1
> create mode 100644 tests/shell/testcases/maps/dumps/anonymous_snat_map_1.json-nft
> create mode 100644 tests/shell/testcases/maps/dumps/anonymous_snat_map_1.nft
>
> diff --git a/src/evaluate.c b/src/evaluate.c
> index 1682ba58989e..d49213f8d6bd 100644
> --- a/src/evaluate.c
> +++ b/src/evaluate.c
> @@ -2061,6 +2061,7 @@ static int expr_evaluate_map(struct eval_ctx *ctx, struct expr **expr)
expr_evaluate_objmap() also needs a similar fix.
> mappings->set_flags |= NFT_SET_MAP;
>
> switch (map->mappings->etype) {
> + case EXPR_VARIABLE:
> case EXPR_SET:
> if (ctx->ectx.key && ctx->ectx.key->etype == EXPR_CONCAT) {
> key = expr_clone(ctx->ectx.key);
