parser problem in range map?

Linux Netfilter discussions
 help / color / mirror / Atom feed

* parser problem in range map?
@ 2021-01-26 15:02 Andreas Schultz
  2021-01-26 15:32 ` Florian Westphal
  0 siblings, 1 reply; 2+ messages in thread
From: Andreas Schultz @ 2021-01-26 15:02 UTC (permalink / raw)
  To: netfilter

The following simple ruleset fails to load on nftables 0.9.8 (from
Ubuntu 21.04):

#!/usr/sbin/nft -f

flush ruleset

table inet nat {
    chain prerouting {
        type filter hook prerouting priority -100;
        ip daddr set numgen inc mod 16 map { 0 - 7 : 10.0.1.1, 8 - 15
: 10.0.1.2 }
    }

    chain postrouting {
        type filter hook postrouting priority 100;
    }
}

It throws this error:

# nft -f test.nft
test.nft:12:40-42: Error: Value 100 exceeds valid range 0-15
type filter hook postrouting priority 100;
                                      ^^^
test.nft:12:31-42: Error: invalid priority expression value in this context.
type filter hook postrouting priority 100;
                             ^^^^^^^^^^^^

Is there something wrong with my expression or is this a bug?

Regards,
Andreas

-- 
Andreas Schultz

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: parser problem in range map?
  2021-01-26 15:02 parser problem in range map? Andreas Schultz
@ 2021-01-26 15:32 ` Florian Westphal
  0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2021-01-26 15:32 UTC (permalink / raw)
  To: Andreas Schultz; +Cc: netfilter

Andreas Schultz <andreas.schultz@travelping.com> wrote:
> The following simple ruleset fails to load on nftables 0.9.8 (from
> Ubuntu 21.04):
> 
> #!/usr/sbin/nft -f
> 
> flush ruleset
> 
> table inet nat {
>     chain prerouting {
>         type filter hook prerouting priority -100;
>         ip daddr set numgen inc mod 16 map { 0 - 7 : 10.0.1.1, 8 - 15
> : 10.0.1.2 }
>     }
> 
>     chain postrouting {
>         type filter hook postrouting priority 100;
>     }
> }
> 
> It throws this error:
> 
> # nft -f test.nft
> test.nft:12:40-42: Error: Value 100 exceeds valid range 0-15
> type filter hook postrouting priority 100;
>                                       ^^^
> test.nft:12:31-42: Error: invalid priority expression value in this context.
> type filter hook postrouting priority 100;
>                              ^^^^^^^^^^^^
> 
> Is there something wrong with my expression or is this a bug?

Bug.  This looks like the right fix:

diff --git a/src/evaluate.c b/src/evaluate.c
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3789,8 +3789,8 @@ static bool evaluate_priority(struct eval_ctx *ctx, struct prio_spec *prio,
        int prio_snd;
        char op;
 
-       ctx->ectx.dtype = &priority_type;
-       ctx->ectx.len = NFT_NAME_MAXLEN * BITS_PER_BYTE;
+       expr_set_context(&ctx->ectx, &priority_type, NFT_NAME_MAXLEN * BITS_PER_BYTE);
+
        if (expr_evaluate(ctx, &prio->expr) < 0)
                return false;


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2021-01-26 15:32 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2021-01-26 15:02 parser problem in range map? Andreas Schultz
2021-01-26 15:32 ` Florian Westphal

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox