datatype: fix print of raw numerical symbol values

The two rules:
arp operation 1-2 accept
arp operation 256-512 accept

are both shown as 256-512:

        chain in_public {
                arp operation 256-512 accept
                arp operation 256-512 accept
                meta mark "1"
                tcp flags 2,4
        }

This is because range expression enforces numeric output,
yet nft_print doesn't respect byte order.

Behave as if we had no symbol in the first place and call
the base type print function instead.

This means we now respect format specifier as well:
	chain in_public {
                arp operation 1-2 accept
                arp operation 256-512 accept
                meta mark 0x00000001
                tcp flags 0x2,0x4
	}

Without fix, added test case will fail:
'add rule arp test-arp input arp operation 1-2': 'arp operation 1-2' mismatches 'arp operation 256-512'

v2: in case of -n, also elide quotation marks, just as if we would not
have found a symbolic name.

Signed-off-by: Florian Westphal <fw@strlen.de>
Acked-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/datatype.c b/src/datatype.c
index 519f79d70b9a3ebcb5be074969ace7b28c0577d6..6d6826e9d7452caa5df0d049ea459ab87d62b157 100644 (file)
--- a/src/datatype.c
+++ b/src/datatype.c
@@ -191,19 +191,10 @@ void symbolic_constant_print(const struct symbol_table *tbl,
                        break;
        }
 
-       if (s->identifier == NULL)
+       if (s->identifier == NULL || nft_output_numeric_symbol(octx))
                return expr_basetype(expr)->print(expr, octx);
 
-       if (quotes)
-               nft_print(octx, "\"");
-
-       if (nft_output_numeric_symbol(octx))
-               nft_print(octx, "%" PRIu64 "", val);
-       else
-               nft_print(octx, "%s", s->identifier);
-
-       if (quotes)
-               nft_print(octx, "\"");
+       nft_print(octx, quotes ? "\"%s\"" : "%s", s->identifier);
 }
 
 static void switch_byteorder(void *data, unsigned int len)

diff --git a/tests/py/arp/arp.t b/tests/py/arp/arp.t
index 86bab5232eaf35cfaabd258c4162c1abe1b979d8..2540c0a77419152e6bbe9d2863f211d84b44bd1c 100644 (file)
--- a/tests/py/arp/arp.t
+++ b/tests/py/arp/arp.t
@@ -38,6 +38,7 @@ arp plen != {33-55};ok
 
 arp operation {nak, inreply, inrequest, rreply, rrequest, reply, request};ok
 arp operation != {nak, inreply, inrequest, rreply, rrequest, reply, request};ok
+arp operation 1-2;ok
 arp operation request;ok
 arp operation reply;ok
 arp operation rrequest;ok

diff --git a/tests/py/arp/arp.t.payload b/tests/py/arp/arp.t.payload
index d36bef183396ffc3e61b48fc24e676b649517dac..52c993294810f23f2884c31e0e2acf64caedd128 100644 (file)
--- a/tests/py/arp/arp.t.payload
+++ b/tests/py/arp/arp.t.payload
@@ -188,6 +188,12 @@ arp test-arp input
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
+# arp operation 1-2
+arp test-arp input
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ cmp gte reg 1 0x00000100 ]
+  [ cmp lte reg 1 0x00000200 ]
+
 # arp operation request
 arp test-arp input
   [ payload load 2b @ network header + 6 => reg 1 ]

diff --git a/tests/py/arp/arp.t.payload.netdev b/tests/py/arp/arp.t.payload.netdev
index 0146cf500ee2150f273f6e8c35da929863d63379..667691fff2f650c6df9620e15377103b86207164 100644 (file)
--- a/tests/py/arp/arp.t.payload.netdev
+++ b/tests/py/arp/arp.t.payload.netdev
@@ -246,6 +246,14 @@ netdev test-netdev ingress
   [ payload load 2b @ network header + 6 => reg 1 ]
   [ lookup reg 1 set __set%d 0x1 ]
 
+# arp operation 1-2
+netdev test-netdev ingress
+  [ meta load protocol => reg 1 ]
+  [ cmp eq reg 1 0x00000608 ]
+  [ payload load 2b @ network header + 6 => reg 1 ]
+  [ cmp gte reg 1 0x00000100 ]
+  [ cmp lte reg 1 0x00000200 ]
+
 # arp operation request
 netdev test-netdev ingress 
   [ meta load protocol => reg 1 ]