From: Florian Westphal <fw@strlen.de>
Date: Fri, 20 Aug 2021 09:52:35 +0000 (+0200)
Subject: parser: permit symbolic define for 'queue num' again
X-Git-Tag: v1.0.1~84
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31b7210b5f66acb32c1c2a25cc096ab395be0760;p=thirdparty%2Fnftables.git

parser: permit symbolic define for 'queue num' again

WHen I simplified the parser to restrict 'queue num' I forgot that
instead of range and immediate value its also allowed to pass in
a variable expression, e.g.

define myq = 0
add rule ... 'queue num $myq bypass'

Allow those as well and add a test case for this.

Fixes: 767f0af82a389 ("parser: restrict queue num expressiveness")
Reported-by: Amish <anon.amish@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
---

diff --git a/src/parser_bison.y b/src/parser_bison.y
index 83f0250a..6b87ece5 100644
--- a/src/parser_bison.y
+++ b/src/parser_bison.y
@@ -3792,6 +3792,7 @@ queue_stmt_arg		:	QUEUENUM	queue_stmt_expr_simple
 
 queue_stmt_expr_simple	:	integer_expr
 			|	range_rhs_expr
+			|	variable_expr
 			;
 
 queue_stmt_expr		:	numgen_expr
diff --git a/tests/shell/testcases/nft-f/0012different_defines_0 b/tests/shell/testcases/nft-f/0012different_defines_0
index 0bdbd1b5..fe228587 100755
--- a/tests/shell/testcases/nft-f/0012different_defines_0
+++ b/tests/shell/testcases/nft-f/0012different_defines_0
@@ -14,6 +14,8 @@ define d_ipv4_2 = 10.0.0.2
 define d_ipv6 = fe0::1
 define d_ipv6_2 = fe0::2
 define d_ports = 100-222
+define d_qnum = 0
+define d_qnumr = 1-42
 
 table inet t {
 	chain c {
@@ -29,6 +31,11 @@ table inet t {
 		ip daddr . meta iif vmap { \$d_ipv4 . \$d_iif : accept }
 		tcp dport \$d_ports
 		udp dport vmap { \$d_ports : accept }
+		tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue num \$d_qnum bypass
+		tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue num \$d_qnumr
+		tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue flags bypass,fanout num \$d_qnumr
+		tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue to symhash mod 2
+		tcp dport 1 tcp sport 1 meta oifname \"foobar\" queue flags bypass to jhash tcp dport . tcp sport mod 4
 	}
 }"
 
diff --git a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
index 28094387..e690f322 100644
--- a/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
+++ b/tests/shell/testcases/nft-f/dumps/0012different_defines_0.nft
@@ -12,5 +12,10 @@ table inet t {
 		ip daddr . iif vmap { 10.0.0.0 . "lo" : accept }
 		tcp dport 100-222
 		udp dport vmap { 100-222 : accept }
+		tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass num 0
+		tcp sport 1 tcp dport 1 oifname "foobar" queue num 1-42
+		tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass,fanout num 1-42
+		tcp sport 1 tcp dport 1 oifname "foobar" queue to symhash mod 2
+		tcp sport 1 tcp dport 1 oifname "foobar" queue flags bypass to jhash tcp dport . tcp sport mod 4
 	}
 }