]> git.ipfire.org Git - thirdparty/nftables.git/commitdiff
projects / thirdparty / nftables.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 49151cd)
parser_bison: Fix for broken compatibility with older dumps
authorPhil Sutter <phil@nwl.cc>
Thu, 19 Oct 2023 16:40:04 +0000 (18:40 +0200)
committerPhil Sutter <phil@nwl.cc>
Thu, 19 Oct 2023 23:37:49 +0000 (01:37 +0200)
Commit e6d1d0d611958 ("src: add set element multi-statement
support") changed the order of expressions and other state attached to set
elements are expected in input. This broke parsing of ruleset dumps
created by nft commands prior to that commit.

Restore compatibility by also accepting the old ordering.

Fixes: e6d1d0d611958 ("src: add set element multi-statement support")
Signed-off-by: Phil Sutter <phil@nwl.cc>
src/parser_bison.y patch | blob | blame | history
tests/shell/testcases/sets/elem_opts_compat_0 [new file with mode: 0755] patch | blob

diff --git a/src/parser_bison.y b/src/parser_bison.y
index c517dc38b37d6c3884580c86d8b603deeff98fba..f0652ba651c68ea12a4d401e26d3b3f2e954ee61 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -4523,6 +4523,12 @@ meter_key_expr_alloc     :       concat_expr
 
 set_elem_expr          :       set_elem_expr_alloc
                        |       set_elem_expr_alloc             set_elem_expr_options
+                       |       set_elem_expr_alloc             set_elem_expr_options   set_elem_stmt_list
+                       {
+                               $$ = $1;
+                               list_splice_tail($3, &$$->stmt_list);
+                               xfree($3);
+                       }
                        ;
 
 set_elem_key_expr      :       set_lhs_expr            { $$ = $1; }
diff --git a/tests/shell/testcases/sets/elem_opts_compat_0 b/tests/shell/testcases/sets/elem_opts_compat_0
new file mode 100755 (executable)
index 0000000..e012953
--- /dev/null
+++ b/tests/shell/testcases/sets/elem_opts_compat_0
@@ -0,0 +1,29 @@
+#!/bin/sh
+
+# ordering of element options and expressions has changed, make sure parser
+# accepts both ways
+
+set -e
+
+$NFT -f - <<EOF
+table t {
+       set s {
+               type inet_service
+               counter;
+               timeout 30s;
+       }
+}
+EOF
+
+check() {
+       out=$($NFT list ruleset)
+       secs=$(sed -n 's/.*expires \([0-9]\+\)s.*/\1/p' <<< "$out")
+       [[ $secs -lt 11 ]]
+       grep -q 'counter packets 10 bytes 20' <<< "$out"
+}
+
+$NFT add element t s '{ 23 counter packets 10 bytes 20 expires 10s }'
+check
+$NFT flush set t s
+$NFT add element t s '{ 42 expires 10s counter packets 10 bytes 20 }'
+check
Mirror of git://git.netfilter.org/nftables