[pkg-netfilter-team] Bug#933621: BUG: invalid expression type concat on invalid input "iifname . oifname p . q"
Trent W. Buck
trentbuck at gmail.com
Thu Aug 1 04:25:32 BST 2019
Package: nftables
Version: 0.9.1-2
Severity: minor

I found a parser bug when experimenting with concatenations:

    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname p . q; list ruleset'
    BUG: invalid expression type concat
    nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
    Aborted (core dumped)

    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname != p . q; list ruleset'
    BUG: invalid expression type concat
    nft: evaluate.c:1726: expr_evaluate_relational: Assertion `0' failed.
    Aborted (core dumped)

nft should print an error message, not crash.

Here is an example of the behaviour I expect:

    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname = p . q; list ruleset'
    Error: syntax error, unexpected '='
    flush ruleset; table a; chain a b; a b iifname . oifname = p . q; list ruleset

FYI, the correct input is this:

    # nft 'flush ruleset; table a; chain a b; a b iifname . oifname { p . q }; list ruleset'
    table ip a {
        chain b {
            iifname . oifname { "a" . "b" }
        }
    }