* parser problem in range map?
@ 2021-01-26 15:02 Andreas Schultz
2021-01-26 15:32 ` Florian Westphal
0 siblings, 1 reply; 2+ messages in thread
From: Andreas Schultz @ 2021-01-26 15:02 UTC (permalink / raw)
To: netfilter
The following simple ruleset fails to load on nftables 0.9.8 (from
Ubuntu 21.04):
#!/usr/sbin/nft -f
flush ruleset
table inet nat {
chain prerouting {
type filter hook prerouting priority -100;
ip daddr set numgen inc mod 16 map { 0 - 7 : 10.0.1.1, 8 - 15
: 10.0.1.2 }
}
chain postrouting {
type filter hook postrouting priority 100;
}
}
It throws this error:
# nft -f test.nft
test.nft:12:40-42: Error: Value 100 exceeds valid range 0-15
type filter hook postrouting priority 100;
^^^
test.nft:12:31-42: Error: invalid priority expression value in this context.
type filter hook postrouting priority 100;
^^^^^^^^^^^^
Is there something wrong with my expression or is this a bug?
Regards,
Andreas
--
Andreas Schultz
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: parser problem in range map?
2021-01-26 15:02 parser problem in range map? Andreas Schultz
@ 2021-01-26 15:32 ` Florian Westphal
0 siblings, 0 replies; 2+ messages in thread
From: Florian Westphal @ 2021-01-26 15:32 UTC (permalink / raw)
To: Andreas Schultz; +Cc: netfilter
Andreas Schultz <andreas.schultz@travelping.com> wrote:
> The following simple ruleset fails to load on nftables 0.9.8 (from
> Ubuntu 21.04):
>
> #!/usr/sbin/nft -f
>
> flush ruleset
>
> table inet nat {
> chain prerouting {
> type filter hook prerouting priority -100;
> ip daddr set numgen inc mod 16 map { 0 - 7 : 10.0.1.1, 8 - 15
> : 10.0.1.2 }
> }
>
> chain postrouting {
> type filter hook postrouting priority 100;
> }
> }
>
> It throws this error:
>
> # nft -f test.nft
> test.nft:12:40-42: Error: Value 100 exceeds valid range 0-15
> type filter hook postrouting priority 100;
> ^^^
> test.nft:12:31-42: Error: invalid priority expression value in this context.
> type filter hook postrouting priority 100;
> ^^^^^^^^^^^^
>
> Is there something wrong with my expression or is this a bug?
Bug. This looks like the right fix:
diff --git a/src/evaluate.c b/src/evaluate.c
--- a/src/evaluate.c
+++ b/src/evaluate.c
@@ -3789,8 +3789,8 @@ static bool evaluate_priority(struct eval_ctx *ctx, struct prio_spec *prio,
int prio_snd;
char op;
- ctx->ectx.dtype = &priority_type;
- ctx->ectx.len = NFT_NAME_MAXLEN * BITS_PER_BYTE;
+ expr_set_context(&ctx->ectx, &priority_type, NFT_NAME_MAXLEN * BITS_PER_BYTE);
+
if (expr_evaluate(ctx, &prio->expr) < 0)
return false;
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2021-01-26 15:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-01-26 15:02 parser problem in range map? Andreas Schultz
2021-01-26 15:32 ` Florian Westphal
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.