Re: parser problem in range map?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Andreas Schultz <andreas.schultz@xxxxxxxxxxxxxx> wrote:
> The following simple ruleset fails to load on nftables 0.9.8 (from
> Ubuntu 21.04):
> 
> #!/usr/sbin/nft -f
> 
> flush ruleset
> 
> table inet nat {
>     chain prerouting {
>         type filter hook prerouting priority -100;
>         ip daddr set numgen inc mod 16 map { 0 - 7 : 10.0.1.1, 8 - 15
> : 10.0.1.2 }
>     }
> 
>     chain postrouting {
>         type filter hook postrouting priority 100;
>     }
> }
> 
> It throws this error:
> 
> # nft -f test.nft
> test.nft:12:40-42: Error: Value 100 exceeds valid range 0-15
> type filter hook postrouting priority 100;
>                                       ^^^
> test.nft:12:31-42: Error: invalid priority expression value in this context.
> type filter hook postrouting priority 100;
>                              ^^^^^^^^^^^^
> 
> Is there something wrong with my expression or is this a bug?

Bug.  This looks like the right fix:

diff --git a/src/evaluate.c b/src/evaluate.c
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3789,8 +3789,8 @@ static bool evaluate_priority(struct eval_ctx *ctx, struct prio_spec *prio,
        int prio_snd;
        char op;
 
-       ctx->ectx.dtype = &priority_type;
-       ctx->ectx.len = NFT_NAME_MAXLEN * BITS_PER_BYTE;
+       expr_set_context(&ctx->ectx, &priority_type, NFT_NAME_MAXLEN * BITS_PER_BYTE);
+
        if (expr_evaluate(ctx, &prio->expr) < 0)
                return false;




[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux