Hello, On lør, 2016-06-25 at 15:30 +0200, Anders K. Pedersen wrote: > With nftables 0.6 I'm getting a syntax error, when I try to use the > feature that was introduced > by http://git.netfilter.org/nftables/commit > /?id=a9467e55973b10c2e8fe37525514c961580f8506 . For example: > > # nft filter input set add tcp dport @myset > <cmdline>:1:26-30: Error: syntax error, unexpected dport > filter input set add tcp dport @myset > ^^^^^ > # nft filter input set add ip saddr timeout 10s @myset > <cmdline>:1:25-29: Error: syntax error, unexpected saddr > filter input set add ip saddr timeout 10s @myset > ^^^^^ > # nft filter input set update ip saddr timeout 10s @myset > <cmdline>:1:28-32: Error: syntax error, unexpected saddr > filter input set update ip saddr timeout 10s @myset > ^^^^^ I did a git bisect on this and found that it was broken by commit a3e60492a684be09374d0649735da42bdadc6b48 Author: Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> Date: Sun Dec 27 22:15:17 2015 +0100 parser: restrict relational rhs expression recursion After studying it a bit I reverted a part of it with the following change, which made the commands above work again: --- a/src/parser_bison.y +++ b/src/parser_bison.y @@ -2054,7 +2054,7 @@ set_elem_option : TIMEOUT time_spec } ; -set_lhs_expr : concat_rhs_expr +set_lhs_expr : concat_expr | multiton_rhs_expr ; The commit message indicated that it intended to handle rhs expressions, but this is a lhs expression, so maybe this change was unintended? Regards, Anders K. Pedersen -- To unsubscribe from this list: send the line "unsubscribe netfilter" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
