From: Florian Westphal <fw@strlen.de>
To: Florian Westphal <fw@strlen.de>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [PATCH nft] scanner: disable most rules when we expect literal symbol
Date: Tue, 5 Jan 2016 12:34:07 +0100
Message-ID: <20160105113407.GC1731@breakpoint.cc>
In-Reply-To: <1451788347-11846-1-git-send-email-fw@strlen.de>

Florian Westphal <fw@strlen.de> wrote:
> nft fails to parse certain corner-cases, for example:
>
> nft add rule filter input meta rtclassid daddr
>
> ... as it finds DADDR token. However, 'daddr' might be a valid
> routing realm listed in iproute2/rt_realms, so this should be allowed.
>
> Pablo suggested to change the start conditions in the scanner
> accordingly.
>
> After this patch, the following rule works:
>
> ct label & (foobar | saddr) == saddr ip saddr 1.2.3.4 rtclassid { 42, cosmos, rule}

Note that this will not work:

ct label eq foobar

(we disabled eq token, eq is expected to be name of label).
&, ==, !=, etc. will continue to work.

Not sure if that's a bug or feature -- it would be easy to just
remove the <INITIAL> from "eq" so that we continue to recognize
it as "==", but it means that it's not possible to use eq, lt, gt,
and so on as usernames, rtclassids, etc etc.
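
The trade-off discussed in this message, as an added toy model in C (not code from the patch or from nft's scanner). It shows word rules limited to the initial start condition next to symbolic operators that stay active everywhere. Assumptions: the `LITERAL` state name, the rule table, the `eq_everywhere` switch, and leaving the literal state after one plain word are all hypothetical simplifications.

```c
#include <stdio.h>
#include <string.h>
/* Toy model, not nft's scanner; LITERAL is a hypothetical state name. */
enum sc { INITIAL, LITERAL };
enum tok { T_STRING, T_EQ, T_DADDR, T_LABEL, T_RTCLASSID };
static const struct rule { const char *text; enum tok tok; int all_states, wants_literal; } rules[] = {
    { "==",        T_EQ,        1, 0 },  /* symbolic operator: active in every state */
    { "eq",        T_EQ,        0, 0 },  /* word operator: <INITIAL> only */
    { "daddr",     T_DADDR,     0, 0 },
    { "label",     T_LABEL,     0, 1 },  /* next word is a label name */
    { "rtclassid", T_RTCLASSID, 0, 1 },  /* next word is a realm name */
};
/* Scan a space-separated line into out[]; returns the token count.
 * eq_everywhere models dropping <INITIAL> from the "eq" rule. */
static int scan(const char *line, int eq_everywhere, enum tok *out, int max)
{
    enum sc state = INITIAL;
    int n = 0;
    while (n < max) {
        line += strspn(line, " ");
        size_t len = strcspn(line, " ");
        if (len == 0) break;
        const struct rule *hit = NULL;
        for (size_t i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
            const struct rule *r = &rules[i];
            int active = state == INITIAL || r->all_states ||
                         (eq_everywhere && r->tok == T_EQ);
            if (active && strlen(r->text) == len && !strncmp(line, r->text, len))
                hit = r;
        }
        if (hit) {
            out[n++] = hit->tok;
            if (hit->wants_literal)
                state = LITERAL;
        } else {
            out[n++] = T_STRING;   /* no active rule matched: plain symbol */
            state = INITIAL;       /* assumption: one literal ends the state */
        }
        line += len;
    }
    return n;
}

int main(void)
{
    enum tok t[8];
    int n = scan("ct label eq foobar", 0, t, 8);  /* constructed input */
    for (int i = 0; i < n; i++)
        printf("%d%c", t[i], i + 1 < n ? ' ' : '\n');
    return 0;
}
```

With `eq_everywhere` set to 1 the same line scans `eq` as the operator again, at the cost that a label or realm named `eq` can no longer be written.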