bugzilla-daemon at netfilter.org
2019-Aug-27 18:05 UTC
[Bug 1360] New: BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360
Bug ID: 1360
Summary: BUG: invalid expression type concat on invalid input
"iifname . oifname p . q"
Product: nftables
Version: unspecified
Hardware: x86_64
OS: Debian GNU/Linux
Status: NEW
Severity: normal
Priority: P5
Component: nft
Assignee: pablo at netfilter.org
Reporter: arturo at debian.org
Bug reported in Debian:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933621
Original message follows:
I found a parser bug when experimenting with concatenations:
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname p . q;
list
ruleset'
BUG: invalid expression type concat
nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
Aborted (core dumped)
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname != p .
q;
list ruleset'
BUG: invalid expression type concat
nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
Aborted (core dumped)
nft should print an error message, not crash.
Here is an example of the behaviour I expect:
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname = p . q;
list ruleset'
Error: syntax error, unexpected '='
flush ruleset; table a; chain a b; a b iifname . oifname = p . q; list
ruleset
FYI, the correct input is this:
# nft 'flush ruleset; table a; chain a b; a b iifname . oifname { p . q
};
list ruleset'
table ip a {
chain b {
iifname . oifname { "a" . "b" }
}
}
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20190827/993efff5/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jan-28 22:47 UTC
[Bug 1360] BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360
kfm at plushkava.net changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |kfm at plushkava.net
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200128/59ca2f63/attachment.html>
bugzilla-daemon at netfilter.org
2020-Jul-22 15:46 UTC
[Bug 1360] BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Patch available here:
https://patchwork.ozlabs.org/project/netfilter-devel/patch/20200722153204.5175-1-pablo
at netfilter.org/
This is rejecting concatenations and singleton values since this is
semantically equivalent to the conventional matching selector notation.
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200722/05271b42/attachment-0001.html>
bugzilla-daemon at netfilter.org
2020-Aug-06 12:17 UTC
[Bug 1360] BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
https://bugzilla.netfilter.org/show_bug.cgi?id=1360
Pablo Neira Ayuso <pablo at netfilter.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|ASSIGNED |RESOLVED
--- Comment #2 from Pablo Neira Ayuso <pablo at netfilter.org> ---
http://git.netfilter.org/nftables/commit/?id=ba2d0b45e9982ed8764dbeffaf6f4110f308fef8
--
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200806/c5dbd41a/attachment.html>
Seemingly Similar Threads
- [Bug 1284] New: nft doesn't accept interface names starting with a number
- [Bug 1059] New: Using wildcard interface names in an anonymous set fails on big endian
- [Bug 1295] New: Access decision from previous priority
- [Bug 1303] New: nft improperly merges intervals
- [Bug 1201] New: Some filters randomly do not work since version 0.8