src: fix netdev family device name parsing

Should use accept/use quotes, else you can't use this with a device name
that is shared with a key word, e.g. 'device vm'.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 39a3ab0492ab6695eb3135b2026c757583aa7dc1..02a373cb2289a6076f93e1b37a4ed22a89db0ced 100644 (file)
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -1969,7 +1969,7 @@ int_num           :       NUM                     { $$ = $1; }
                        |       DASH    NUM             { $$ = -$2; }
                        ;
 
-dev_spec               :       DEVICE  STRING          { $$ = $2; }
+dev_spec               :       DEVICE  string          { $$ = $2; }
                        |       /* empty */             { $$ = NULL; }
                        ;
 

diff --git a/src/rule.c b/src/rule.c
index e15a20b30bbd6ff6b7687958412279847a11cca2..73b78c75a267a701190ca1238610c57de74ca464 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1070,7 +1070,7 @@ static void chain_print_declaration(const struct chain *chain,
                nft_print(octx, "\t\ttype %s hook %s", chain->type,
                          hooknum2str(chain->handle.family, chain->hooknum));
                if (chain->dev != NULL)
-                       nft_print(octx, " device %s", chain->dev);
+                       nft_print(octx, " device \"%s\"", chain->dev);
                nft_print(octx, " priority %s; policy %s;\n",
                          prio2str(octx, priobuf, sizeof(priobuf),
                                   chain->handle.family, chain->hooknum,

diff --git a/tests/shell/testcases/chains/dumps/0021prio_0.nft b/tests/shell/testcases/chains/dumps/0021prio_0.nft
index 20125ba01186ff497e76be513f26bbc66d13af9b..ca94d4417bae099bb80c5c951b63cf6fc3827504 100644 (file)
--- a/tests/shell/testcases/chains/dumps/0021prio_0.nft
+++ b/tests/shell/testcases/chains/dumps/0021prio_0.nft
@@ -1364,23 +1364,23 @@ table arp x {
 }
 table netdev x {
        chain ingressfilterm11 {
-               type filter hook ingress device lo priority -11; policy accept;
+               type filter hook ingress device "lo" priority -11; policy accept;
        }
 
        chain ingressfilterm10 {
-               type filter hook ingress device lo priority filter - 10; policy accept;
+               type filter hook ingress device "lo" priority filter - 10; policy accept;
        }
 
        chain ingressfilter {
-               type filter hook ingress device lo priority filter; policy accept;
+               type filter hook ingress device "lo" priority filter; policy accept;
        }
 
        chain ingressfilterp10 {
-               type filter hook ingress device lo priority filter + 10; policy accept;
+               type filter hook ingress device "lo" priority filter + 10; policy accept;
        }
 
        chain ingressfilterp11 {
-               type filter hook ingress device lo priority 11; policy accept;
+               type filter hook ingress device "lo" priority 11; policy accept;
        }
 }
 table bridge x {