rule: print chain and flowtable devices in quotes

Print devices in quotes, for consistency with:

- the existing chain listing with single device:

  type filter hook ingress device "lo" priority filter; policy accept

- the ifname datatype used in sets.

In general, tokens that are user-defined, not coming in the datatype
symbol list, are enclosed in quotes.

Fixes: 3fdc7541fba0 ("src: add multidevice support for netdev chain")
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/src/rule.c b/src/rule.c
index c0f7570e233c109e91d7941a6a87ed858c422f21..3e3cc3b0fb7d9e82fe8e9be2899879548a87b225 100644 (file)
--- a/src/rule.c
+++ b/src/rule.c
@@ -1062,7 +1062,7 @@ static void chain_print_declaration(const struct chain *chain,
                } else if (chain->dev_array_len > 1) {
                        nft_print(octx, " devices = { ");
                        for (i = 0; i < chain->dev_array_len; i++) {
-                               nft_print(octx, "%s", chain->dev_array[i]);
+                               nft_print(octx, "\"%s\"", chain->dev_array[i]);
                                        if (i + 1 != chain->dev_array_len)
                                                nft_print(octx, ", ");
                        }
@@ -2149,7 +2149,7 @@ static void flowtable_print_declaration(const struct flowtable *flowtable,
        if (flowtable->dev_array_len > 0) {
                nft_print(octx, "%s%sdevices = { ", opts->tab, opts->tab);
                for (i = 0; i < flowtable->dev_array_len; i++) {
-                       nft_print(octx, "%s", flowtable->dev_array[i]);
+                       nft_print(octx, "\"%s\"", flowtable->dev_array[i]);
                        if (i + 1 != flowtable->dev_array_len)
                                nft_print(octx, ", ");
                }

diff --git a/tests/shell/features/flowtable_counter.sh b/tests/shell/features/flowtable_counter.sh
index a4c4c62124b03801ff446d9ba3b270e5d149227a..5d47215f2f941e97a03d95d22cb5c6666e4dc2e3 100755 (executable)
--- a/tests/shell/features/flowtable_counter.sh
+++ b/tests/shell/features/flowtable_counter.sh
@@ -6,7 +6,7 @@
 EXPECTED="table ip filter2 {
        flowtable main_ft2 {
                hook ingress priority filter
-               devices = { lo }
+               devices = { \"lo\" }
                counter
        }
 }"

diff --git a/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft
index 84a908d33dee1dbee1760f56b02515f8556eead6..08a19014e7b8cca3d8d96ae617b8de8c0737aec6 100644 (file)
--- a/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft
+++ b/tests/shell/testcases/chains/dumps/0042chain_variable_0.nft
@@ -5,12 +5,12 @@ table netdev filter1 {
 }
 table netdev filter2 {
        chain Main_Ingress2 {
-               type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept;
+               type filter hook ingress devices = { "d23456789012345", "lo" } priority -500; policy accept;
        }
 }
 table netdev filter3 {
        chain Main_Ingress3 {
-               type filter hook ingress devices = { d23456789012345, lo } priority -500; policy accept;
+               type filter hook ingress devices = { "d23456789012345", "lo" } priority -500; policy accept;
        }
 
        chain Main_Egress3 {

diff --git a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft
index 629bfe81cb18a5230b613b77a8362239d60a16e2..79fa591308437e9bf26a7713cb0008f33acfdc5c 100644 (file)
--- a/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft
+++ b/tests/shell/testcases/flowtable/dumps/0001flowtable_0.nft
@@ -1,7 +1,7 @@
 table inet t {
        flowtable f {
                hook ingress priority filter + 10
-               devices = { lo }
+               devices = { "lo" }
        }
 
        chain c {

diff --git a/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft
index aecfb2ab25df2f986198a1953b4ed27602f095b0..2d0ea905d8b98ef95bce1cf1f7060ec2765ff23b 100644 (file)
--- a/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft
+++ b/tests/shell/testcases/flowtable/dumps/0002create_flowtable_0.nft
@@ -1,6 +1,6 @@
 table ip t {
        flowtable f {
                hook ingress priority filter + 10
-               devices = { lo }
+               devices = { "lo" }
        }
 }

diff --git a/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft
index dd904f449ca1d3e287e5649a8cb4aa2c10946b41..39de91b19a82923bd04766fbd3f8a5748ca2e7d8 100644 (file)
--- a/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft
+++ b/tests/shell/testcases/flowtable/dumps/0003add_after_flush_0.nft
@@ -1,6 +1,6 @@
 table ip x {
        flowtable y {
                hook ingress priority filter
-               devices = { lo }
+               devices = { "lo" }
        }
 }

diff --git a/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft
index c1d79e7b144d1bf59fcb03860526ef989e1730fc..b01b3027c50e3c6275752e79427fc391887f9a70 100644 (file)
--- a/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft
+++ b/tests/shell/testcases/flowtable/dumps/0005delete_in_use_1.nft
@@ -1,7 +1,7 @@
 table ip x {
        flowtable y {
                hook ingress priority filter
-               devices = { lo }
+               devices = { "lo" }
        }
 
        chain x {

diff --git a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft
index df1c51a247033aa58aaf96d841bac7783953a3ee..7863822d754b900e9da202de0a74b3a48f9093b6 100644 (file)
--- a/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft
+++ b/tests/shell/testcases/flowtable/dumps/0012flowtable_variable_0.nft
@@ -1,14 +1,14 @@
 table ip filter1 {
        flowtable Main_ft1 {
                hook ingress priority filter
-               devices = { lo }
+               devices = { "lo" }
                counter
        }
 }
 table ip filter2 {
        flowtable Main_ft2 {
                hook ingress priority filter
-               devices = { lo }
+               devices = { "lo" }
                counter
        }
 }

diff --git a/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft
index 67db7d029392cbc90d1118ffed3ed42c98ac5003..585f63b1b9163e11e6f545f9e797dadb78f3365b 100644 (file)
--- a/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft
+++ b/tests/shell/testcases/flowtable/dumps/0013addafterdelete_0.nft
@@ -1,6 +1,6 @@
 table inet filter {
        flowtable f {
                hook ingress priority filter - 1
-               devices = { lo }
+               devices = { "lo" }
        }
 }

diff --git a/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft
index 145aa08153bc343a46601341001ebd8f30f9be9b..12f97a75e2e5157aab5652c89dc10307c45302f2 100644 (file)
--- a/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft
+++ b/tests/shell/testcases/flowtable/dumps/0014addafterdelete_0.nft
@@ -1,7 +1,7 @@
 table inet filter {
        flowtable f {
                hook ingress priority filter - 1
-               devices = { lo }
+               devices = { "lo" }
                counter
        }
 

diff --git a/tests/shell/testcases/listing/0020flowtable_0 b/tests/shell/testcases/listing/0020flowtable_0
index 14b0c909a7eba2a84e9f515a4bf6b5eebbba1e02..84f5189704264aed397761adaf871ab3f4e35f82 100755 (executable)
--- a/tests/shell/testcases/listing/0020flowtable_0
+++ b/tests/shell/testcases/listing/0020flowtable_0
@@ -8,11 +8,11 @@ set -e
 
 FLOWTABLES="flowtable f {
        hook ingress priority filter
-       devices = { lo }
+       devices = { \"lo\" }
 }
 flowtable f2 {
        hook ingress priority filter
-       devices = { d0 }
+       devices = { \"d0\" }
 }"
 
 RULESET="table inet filter {
@@ -25,23 +25,23 @@ table ip filter {
 EXPECTED="table inet filter {
        flowtable f {
                hook ingress priority filter
-               devices = { lo }
+               devices = { \"lo\" }
        }
 }"
 EXPECTED2="table ip filter {
        flowtable f2 {
                hook ingress priority filter
-               devices = { d0 }
+               devices = { \"d0\" }
        }
 }"
 EXPECTED3="table ip filter {
        flowtable f {
                hook ingress priority filter
-               devices = { lo }
+               devices = { \"lo\" }
        }
        flowtable f2 {
                hook ingress priority filter
-               devices = { d0 }
+               devices = { \"d0\" }
        }
 }"
 

diff --git a/tests/shell/testcases/listing/dumps/0020flowtable_0.nft b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft
index 4a64e531db8403d898cd58d18e2f3db981e2a258..0962e73aff2ce779eb73266dce7573b327543dd2 100644 (file)
--- a/tests/shell/testcases/listing/dumps/0020flowtable_0.nft
+++ b/tests/shell/testcases/listing/dumps/0020flowtable_0.nft
@@ -1,7 +1,7 @@
 table inet filter {
        flowtable f {
                hook ingress priority filter
-               devices = { lo }
+               devices = { "lo" }
        }
 
        flowtable f2 {
@@ -11,7 +11,7 @@ table inet filter {
 table ip filter {
        flowtable f {
                hook ingress priority filter
-               devices = { lo }
+               devices = { "lo" }
        }
 
        flowtable f2 {