bugzilla-daemon at netfilter.org
2019-Aug-27 18:05 UTC
[Bug 1360] New: BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360 Bug ID: 1360 Summary: BUG: invalid expression type concat on invalid input "iifname . oifname p . q" Product: nftables Version: unspecified Hardware: x86_64 OS: Debian GNU/Linux Status: NEW Severity: normal Priority: P5 Component: nft Assignee: pablo at netfilter.org Reporter: arturo at debian.org Bug reported in Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933621 Original message follows: I found a parser bug when experimenting with concatenations: # nft 'flush ruleset; table a; chain a b; a b iifname . oifname p . q; list ruleset' BUG: invalid expression type concat nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed. Aborted (core dumped) # nft 'flush ruleset; table a; chain a b; a b iifname . oifname != p . q; list ruleset' BUG: invalid expression type concat nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed. Aborted (core dumped) nft should print an error message, not crash. Here is an example of the behaviour I expect: # nft 'flush ruleset; table a; chain a b; a b iifname . oifname = p . q; list ruleset' Error: syntax error, unexpected '=' flush ruleset; table a; chain a b; a b iifname . oifname = p . q; list ruleset FYI, the correct input is this: # nft 'flush ruleset; table a; chain a b; a b iifname . oifname { p . q }; list ruleset' table ip a { chain b { iifname . oifname { "a" . "b" } } } -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190827/993efff5/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jan-28 22:47 UTC
[Bug 1360] BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360 kfm at plushkava.net changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kfm at plushkava.net -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200128/59ca2f63/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jul-22 15:46 UTC
[Bug 1360] BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED --- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> --- Patch available here: https://patchwork.ozlabs.org/project/netfilter-devel/patch/20200722153204.5175-1-pablo at netfilter.org/ This is rejecting concatenations and singleton values since this is semantically equivalent to the conventional matching selector notation. -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200722/05271b42/attachment-0001.html>
bugzilla-daemon at netfilter.org
2020-Aug-06 12:17 UTC
[Bug 1360] BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360 Pablo Neira Ayuso <pablo at netfilter.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |FIXED Status|ASSIGNED |RESOLVED --- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> --- http://git.netfilter.org/nftables/commit/?id=ba2d0b45e9982ed8764dbeffaf6f4110f308fef8 -- You are receiving this mail because: You are watching all bug changes. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200806/c5dbd41a/attachment.html>
Seemingly Similar Threads
- [Bug 1284] New: nft doesn't accept interface names starting with a number
- [Bug 1059] New: Using wildcard interface names in an anonymous set fails on big endian
- [Bug 1295] New: Access decision from previous priority
- [Bug 1303] New: nft improperly merges intervals
- [Bug 1201] New: Some filters randomly do not work since version 0.8