netfilter buglog - Jul 2020 - [Bug 1442] New: Definitions cannot be referenced in chain type configuration

https://bugzilla.netfilter.org/show_bug.cgi?id=1442

            Bug ID: 1442
           Summary: Definitions cannot be referenced in chain type
                    configuration
           Product: nftables
           Version: unspecified
          Hardware: x86_64
                OS: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: phillc at gmail.com

I've looked through the documentation, and through previous bugs to attempt
to
establish if this is a bug, not a feature, or just WAD but haven't been able
to
find much info.

Having set interface definitions at the top of nftables.conf

define $if_main = ens33

The definition works fine in subsequent rule configuration, but does not work
in chain type definitions.

I am attempting to introduce configuration portability for an ingress hook
chain by doing this:

table netdev filter {
    chain Main_Ingress {
        type filter hook ingress device $if_main priority -500; policy accept;
    }

However I get "Error: syntax error, unexpected '$', expecting
string or quoted
string or string with a trailing asterisk".


OS: Ubuntu 20.04 kernel 5.4.0-40-generic
nftables/focal 0.9.3-2 via apt package

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200716/2ed263f0/attachment.html>

https://bugzilla.netfilter.org/show_bug.cgi?id=1442

Pablo Neira Ayuso <pablo at netfilter.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #1 from Pablo Neira Ayuso <pablo at netfilter.org> ---
Upstream fix:

commit d100e2d811749bf34bb6aeac322052c56661c124
Author: Pablo Neira Ayuso <pablo at netfilter.org>
Date:   Thu Jul 16 14:36:28 2020 +0200

    src: allow to use variables in flowtable and chain devices

Running a quick test here:

# cat x.nft
define if_main = lo

table netdev filter {
 chain Main_Ingress {
  type filter hook ingress device $if_main priority -500; policy accept;
 }
}
# nft -f x.nft

Works fine, thank you for reporting. Closing.

-- 
You are receiving this mail because:
You are watching all bug changes.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://lists.netfilter.org/pipermail/netfilter-buglog/attachments/20200730/c6fc1677/attachment.html>