src: allow for negative value in variable definitions
authorPablo Neira Ayuso <pablo@netfilter.org>
Tue, 21 Jul 2020 13:00:24 +0000 (15:00 +0200)
committerPablo Neira Ayuso <pablo@netfilter.org>
Wed, 22 Jul 2020 09:47:08 +0000 (11:47 +0200)
Extend the test to cover negative values in chain priority definitions.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
src/parser_bison.y
tests/shell/testcases/chains/0032priority_variable_0
tests/shell/testcases/chains/dumps/0032priority_variable_0.nft [new file with mode: 0644]

index d2d7694ae1707845d89c784eee23d6d5908822d0..f0cca64136ee13a39ea13bdbd1b4045a8f915e42 100644 (file)
@@ -2157,7 +2157,6 @@ extended_prio_spec        :       int_num
                        {
                                struct prio_spec spec = {0};
 
-                               datatype_set($1->sym->expr, &priority_type);
                                spec.expr = $1;
                                $$ = spec;
                        }
@@ -3982,6 +3981,15 @@ set_rhs_expr             :       concat_rhs_expr
 initializer_expr       :       rhs_expr
                        |       list_rhs_expr
                        |       '{' '}'         { $$ = compound_expr_alloc(&@$, EXPR_SET); }
+                       |       DASH    NUM
+                       {
+                               int32_t num = -$2;
+
+                               $$ = constant_expr_alloc(&@$, &integer_type,
+                                                        BYTEORDER_HOST_ENDIAN,
+                                                        sizeof(num) * BITS_PER_BYTE,
+                                                        &num);
+                       }
                        ;
 
 counter_config         :       PACKETS         NUM     BYTES   NUM
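Review bot: The new `DASH NUM` action in initializer_expr stores `-$2` in an `int32_t` without a range check, so a magnitude above 2147483648 is silently truncated rather than rejected. The declared type of NUM is not visible in this hunk, but if it is a 64-bit unsigned value, a definition like `define post = -4294967297` (constructed example) would become -1, and a chain using it as its priority would be ordered differently from what the ruleset author wrote. I would check the bound before negating, e.g. `if ($2 > (uint64_t)INT32_MAX + 1) { erec_queue(error(&@2, "value out of range"), state->msgs); YYERROR; }`, or the equivalent with whatever error helper the neighbouring actions use. Since initializer_expr serves every `define`, not only priorities, a short comment saying that the result is a 32-bit host-endian `integer_type` constant would also help later readers.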
index 51bc5eb15e2a4dd7fbabe8feae3e7ce6b3bc4367..8f2e57b9b3c3b6da17d584e63ab759853fcca67e 100755 (executable)
@@ -6,12 +6,22 @@ set -e
 
 RULESET="
 define pri = 10
+define post = -10
+define for = \"filter - 100\"
 
 table inet global {
     chain prerouting {
         type filter hook prerouting priority \$pri
         policy accept
     }
+    chain forward {
+        type filter hook prerouting priority \$for
+        policy accept
+    }
+    chain postrouting {
+        type filter hook postrouting priority \$post
+        policy accept
+    }
 }"
 
 $NFT -f - <<< "$RULESET"
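Review bot: The added chain `forward` is attached with `hook prerouting` rather than `hook forward`, which reads like a copy-paste slip; the expected dump accordingly lists it as `priority dstnat`. If the prerouting hook is deliberate, so that the `filter - 100` string form resolves to a named priority, a one-line comment in the ruleset or a chain name matching the hook would make that intent clear. The test also covers only in-range values, so a companion failing-case test with an out-of-range negative `define` would pin down how the parser behaves at the 32-bit boundary.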
diff --git a/tests/shell/testcases/chains/dumps/0032priority_variable_0.nft b/tests/shell/testcases/chains/dumps/0032priority_variable_0.nft
new file mode 100644 (file)
index 0000000..1a1b079
--- /dev/null
@@ -0,0 +1,13 @@
+table inet global {
+       chain prerouting {
+               type filter hook prerouting priority filter + 10; policy accept;
+       }
+
+       chain forward {
+               type filter hook prerouting priority dstnat; policy accept;
+       }
+
+       chain postrouting {
+               type filter hook postrouting priority filter - 10; policy accept;
+       }
+}