[Bug 1360] New: BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
bugzilla-daemon at netfilter.org
bugzilla-daemon at netfilter.org
Tue Aug 27 20:05:08 CEST 2019
https://bugzilla.netfilter.org/show_bug.cgi?id=1360
Bug ID: 1360
Summary: BUG: invalid expression type concat on invalid input
"iifname . oifname p . q"
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: arturo at debian.org
Bug reported in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933621
Original message follows:
I found a parser bug when experimenting with concatenations:
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname p . q; list
ruleset'
BUG: invalid expression type concat
nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
Aborted (core dumped)
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname != p . q;
list ruleset'
BUG: invalid expression type concat
nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
Aborted (core dumped)
nft should print an error message, not crash.
Here is an example of the behaviour I expect:
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname = p . q;
list ruleset'
Error: syntax error, unexpected '='
flush ruleset; table a; chain a b; a b iifname . oifname = p . q; list
ruleset
FYI, the correct input is this:
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname { p . q };
list ruleset'
table ip a {
chain b {
iifname . oifname { "a" . "b" }
}
}
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190827/993efff5/attachment.html>
More information about the netfilter-buglog
mailing list